Simditor · Simditor · CVE-2018-19048
**Name of the Vulnerable Software and Affected Versions**
Simditor versions prior to 2.3.22
**Description**
The issue allows DOM-based XSS via an `onload` attribute within a malformed SVG element. The package does not sanitize user input before rendering it with `innerHTML`, which allows attackers to execute arbitrary JavaScript.
**Recommendations**
For Simditor versions prior to 2.3.22, upgrade to version 2.3.22 or later.
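To check whether a project still ships an affected copy, the following added example (not part of the advisory or of Simditor's own code) scans a parsed `package-lock.json` for installs below 2.3.22, including nested copies pulled in by other dependencies. It assumes Simditor is installed from npm under the package name `simditor`; the lockfile contents and the `cms-widget` dependency are constructed for illustration.

```javascript
// Added example: flag simditor installs older than the fixed release.
const PKG = "simditor";  // assumption: npm package name
const FIXED = "2.3.22";  // fixed version named in the advisory

// Split "x.y.z[-pre]" into a numeric core plus a pre-release flag.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(v).trim());
  return m ? { core: m.slice(1, 4).map(Number), pre: Boolean(m[4]) } : null;
}

// True when version a sorts strictly below version b.
function isLower(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  if (!pa || !pb) return true; // unparseable: report for manual review
  for (let i = 0; i < 3; i++) {
    if (pa.core[i] !== pb.core[i]) return pa.core[i] < pb.core[i];
  }
  return pa.pre && !pb.pre; // a pre-release of x.y.z precedes x.y.z
}

// Collect every install of PKG below FIXED from a parsed package-lock.json.
function findAffected(lock) {
  const hits = new Map(); // keyed by install path; v2 locks list entries twice
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, info] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/" + PKG) && isLower(info.version, FIXED)) {
      hits.set(path, info.version);
    }
  }
  // lockfileVersion 1 and 2: nested "dependencies" trees.
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = trail + "node_modules/" + name;
      if (name === PKG && isLower(info.version, FIXED)) hits.set(path, info.version);
      walk(info.dependencies, path + "/");
    }
  };
  walk(lock.dependencies, "");
  return [...hits].map(([path, version]) => ({ path, version }));
}

// Constructed sample lockfile: one affected copy, one fixed nested copy.
const sampleLock = {
  lockfileVersion: 2,
  packages: { "": { name: "demo-app", version: "1.0.0" },
    "node_modules/simditor": { version: "2.3.6" },
    "node_modules/cms-widget/node_modules/simditor": { version: "2.3.22" } },
  dependencies: { simditor: { version: "2.3.6" },
    "cms-widget": { version: "1.2.0", dependencies: { simditor: { version: "2.3.22" } } } },
};
console.log(findAffected(sampleLock));
```

In a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findAffected`; copies of the editor vendored outside npm are not covered by this check.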