npm package
simditor
pkg:npm/simditor
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-19048 | — | < 2.3.22 | 2.3.22 | May 13, 2019 | Simditor through 2.3.21 allows DOM XSS via an onload attribute within a malformed SVG element. | ||
| CVE-2018-6464 | — | <= 2.3.11 | — | Jan 31, 2018 | Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a TEXTAREA element, as demonstrated by Firefox 54.0.1. |
- CVE-2018-19048May 13, 2019affected < 2.3.22fixed 2.3.22
Simditor through 2.3.21 allows DOM XSS via an onload attribute within a malformed SVG element.
- CVE-2018-6464Jan 31, 2018affected <= 2.3.11
Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a TEXTAREA element, as demonstrated by Firefox 54.0.1.