Vulnerabilities/

Simditor XSS Vulnerability

Severity:: Medium

Description

Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a TEXTAREA element, as demonstrated by Firefox 54.0.1.

Recommendation

No fix is available yet. Followings are affected versions:

<= 2.3.11

References

Related Issues

Tags:: npm; simditor

Anything's wrong? Let us know Last updated on October 06, 2023