2 matches found
@levi-m/ide-kit (=10.1.0-beta.14), dltsign-mobile (=0.1.0) +6 more potentially affected by CVE-2018-19048 via simditor (>=2.1.14 <=2.3.21)
simditor NPM version =2.1.14, =2.0.2, =1.0.1, =2.0.4, =0.1.7, =1.1.24 Source cves: CVE-2018-19048 Source advisory: OSV:GHSA-8V67-X8Q5-3X3G...
CVE-2018-19048
Simditor up to version 2.3.21 is affected by a DOM XSS (attackable via an onload attribute in a malformed SVG element). The underlying issue is improper handling/sanitization of SVG onload events, enabling injection of arbitrary JavaScript in the user’s browser. Mitigation: upgrade to version 2.3...