CVE-2018-6561

Name of the Vulnerable Software and Affected Versions Dojo Toolkit version 1.13

Description The issue is related to the dijit.Editor component in Dojo Toolkit, which allows for cross-site scripting (XSS) attacks via the onload attribute of an SVG element. This can enable a remote attacker to perform cross-site scripting attacks.

Recommendations For Dojo Toolkit version 1.13, consider disabling the use of SVG elements with the onload attribute in the dijit.Editor component until a patch is available. Restrict access to the dijit.Editor component to minimize the risk of exploitation. Avoid using the onload attribute in SVG elements within the dijit.Editor component until the issue is resolved.