24 matches found
Design/Logic Flaw
Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a TEXTAREA element, as demonstrated by Firefox 54.0.1...
CVE-2018-6464
Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a TEXTAREA element, as demonstrated by Firefox 54.0.1...
CVE-2018-6464
Summary : CVE-2018-6464 affects Simditor v2.3.11, where an attacker can trigger cross-site scripting (XSS) by crafting an SVG onload payload inside a TEXTAREA element, demonstrated with Firefox 54.0.1. The root cause is not explicitly detailed beyond the use of an SVG/onload payload in a TEXTAREA...
CVE-2018-6464
Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a TEXTAREA element, as demonstrated by Firefox 54.0.1...