Description

dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element.

Remediation

References

Related Vulnerabilities