Launch Week Day 1: Announcing Security Design Review
Start for Free
MEDIUM 6.1 npm

dijit editor cross-site scripting vulnerability

GHSA-wp32-wq34-2rqh · CVE-2018-6561

Published · Modified

Description

dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element.

References

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes