Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert
in a TEXTAREA element, as demonstrated by Firefox 54.0.1.
{ "github_reviewed_at": "2023-07-21T23:22:08Z", "cwe_ids": [ "CWE-79" ], "nvd_published_at": "2018-01-31T18:29:00Z", "severity": "MODERATE", "github_reviewed": true }