2 matches found
dltsign-mobile (=0.1.0), simditor-autosave (=1.0.0) +4 more potentially affected by CVE-2018-6464 via simditor (>=2.1.14 <=2.2.3)
simditor NPM version =2.1.14, =2.0.2, =1.0.1, =2.0.4, =2.0.7 - simditor-prettyemoji =1.0.0 Source cves: CVE-2018-6464 Source advisory: OSV:GHSA-P9WJ-WRRM-84M5...
CVE-2018-6464
Summary : CVE-2018-6464 affects Simditor v2.3.11, where an attacker can trigger cross-site scripting (XSS) by crafting an SVG onload payload inside a TEXTAREA element, demonstrated with Firefox 54.0.1. The root cause is not explicitly detailed beyond the use of an SVG/onload payload in a TEXTAREA...