Simditor through 2.3.21 allows DOM XSS via an onload attribute within a malformed SVG element.
6.1CVSS
5.9AI Score
0.001EPSS
Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a TEXTAREA element, as demonstrated by Firefox 54.0.1.
6.1CVSS
5.8AI Score
0.001EPSS