Description
Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a TEXTAREA element, as demonstrated by Firefox 54.0.1.
Remediation
References
https://github.com/Heartway/simditor/blob/master/simditor.docx