24 matches found
CVE-2018-19048
Simditor through 2.3.21 allows DOM XSS via an onload attribute within a malformed SVG element...
EUVD-2019-0460
Malware in sbrugna...
EUVD-2022-4734
Malicious code in bioql PyPI...
CVE-2018-6464
Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a TEXTAREA element, as demonstrated by Firefox 54.0.1...
dltsign-mobile (=0.1.0), simditor-autosave (=1.0.0) +4 more potentially affected by CVE-2018-6464 via simditor (>=2.1.14 <=2.2.3)
simditor NPM version =2.1.14, =2.0.2, =1.0.1, =2.0.4, =2.0.7 - simditor-prettyemoji =1.0.0 Source cves: CVE-2018-6464 Source advisory: OSV:GHSA-P9WJ-WRRM-84M5...
Simditor XSS Vulnerability
Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a TEXTAREA element, as demonstrated by Firefox 54.0.1...
GHSA-P9WJ-WRRM-84M5 Simditor XSS Vulnerability
Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a TEXTAREA element, as demonstrated by Firefox 54.0.1...
Cross-site Scripting (XSS)
simditor is vulnerable to cross-site scripting (XSS). The attack can be triggered because it does not sanitize the DOM object properly, allowing an attacker to inject arbitrary JavaScript within a malicious SVG element into a victim's browser via the onload parameter...
@levi-m/ide-kit (=10.1.0-beta.14), dltsign-mobile (=0.1.0) +6 more potentially affected by CVE-2018-19048 via simditor (>=2.1.14 <=2.3.21)
simditor NPM version =2.1.14, =2.0.2, =1.0.1, =2.0.4, =0.1.7, =1.1.24 Source cves: CVE-2018-19048 Source advisory: OSV:GHSA-8V67-X8Q5-3X3G...
Cross-Site Scripting in simditor
Versions of simditor prior to 2.3.22 are vulnerable to Cross-Site Scripting. The package does not sanitize user input that is rendered with innerHTML, allowing attackers to execute arbitrary JavaScript. Recommendation: upgrade to version 2.3.22 or later...
GHSA-8V67-X8Q5-3X3G Cross-Site Scripting in simditor
Versions of simditor prior to 2.3.22 are vulnerable to Cross-Site Scripting. The package does not sanitize user input that is rendered with innerHTML, allowing attackers to execute arbitrary JavaScript. Recommendation: upgrade to version 2.3.22 or later...
Cross-Site Scripting
Overview: Versions of simditor prior to 2.3.22 are vulnerable to Cross-Site Scripting. The package does not sanitize user input that is rendered with innerHTML, allowing attackers to execute arbitrary JavaScript. Recommendation: upgrade to version 2.3.22 or later. References: Snyk Report, GitHub...
CVE-2018-19048
Simditor through 2.3.21 allows DOM XSS via an onload attribute within a malformed SVG element...
CVE-2018-19048
Simditor through 2.3.21 allows DOM XSS via an onload attribute within a malformed SVG element...
CVE-2018-19048
Simditor up to version 2.3.21 is affected by a DOM XSS (attackable via an onload attribute in a malformed SVG element). The underlying issue is improper handling/sanitization of SVG onload events, enabling injection of arbitrary JavaScript in the user’s browser. Mitigation: upgrade to version 2.3...
CVE-2018-19048
Simditor through 2.3.21 allows DOM XSS via an onload attribute within a malformed SVG element...
Simditor cross-site scripting vulnerability (CNVD-2019-14696)
Simditor is a browser-based WYSIWYG text editor. A cross-site scripting vulnerability exists in Simditor 2.3.21 and earlier versions. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to execute...
Simditor Cross-Site Scripting Vulnerability
Simditor is a browser-based WYSIWYG text editor. A cross-site scripting vulnerability exists in Simditor version 2.3.11. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
Cross-site Scripting (XSS)
Simditor is vulnerable to cross-site scripting (XSS) attacks. The application does not properly sanitize the TEXTAREA element, allowing a malicious user to inject and execute arbitrary JavaScript...
Design/Logic Flaw
Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a TEXTAREA element, as demonstrated by Firefox 54.0.1...