2 matches found
Cross site scripting
dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element...
CVE-2018-6561
CVE-2018-6561 affects dojo-dijit.Editor in Dojo Toolkit 1.13, enabling cross-site scripting via the onload attribute of an SVG element. The IBM/OSV records confirm the vulnerability details, including the XSS risk in Dijit.Editor and a base score of 6.1 (IBM X-Force vector: CVSS3.0), with exploit...