{"id":"CVE-2018-19048","details":"Simditor through 2.3.21 allows DOM XSS via an onload attribute within a malformed SVG element.","aliases":["GHSA-8v67-x8q5-3x3g"],"modified":"2026-04-10T04:07:35.319875Z","published":"2019-05-13T14:29:00.957Z","references":[{"type":"ADVISORY","url":"https://github.com/mycolorway/simditor/releases/tag/v2.3.22"},{"type":"FIX","url":"https://github.com/mycolorway/simditor/commit/ef01a643cbb7f8163535d6bfb71135f80ec6a6fd"},{"type":"EVIDENCE","url":"https://github.com/hkglue/simditor_demo.git"},{"type":"EVIDENCE","url":"https://github.com/hkglue/simditor_dom_xss/blob/master/README.md"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mycolorway/simditor","events":[{"introduced":"0"},{"last_affected":"65d78cbfcb576f8963ba26a991c33d746be5add7"},{"fixed":"ef01a643cbb7f8163535d6bfb71135f80ec6a6fd"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.3.21"}]}}],"versions":["v1.0.0","v1.0.1","v1.0.2","v1.0.3","v1.0.4","v1.0.5","v2.0.0","v2.0.1","v2.0.2","v2.0.3","v2.0.4","v2.0.5","v2.0.6","v2.0.7","v2.1.0","v2.1.1","v2.1.10","v2.1.11","v2.1.12","v2.1.13","v2.1.14","v2.1.15","v2.1.2","v2.1.3","v2.1.4","v2.1.5","v2.1.6","v2.1.7","v2.1.8","v2.1.9","v2.2.0","v2.2.1","v2.2.2","v2.2.3","v2.2.4","v2.3.0","v2.3.1","v2.3.10","v2.3.11","v2.3.12","v2.3.13","v2.3.14","v2.3.15","v2.3.18","v2.3.19","v2.3.2","v2.3.20","v2.3.21","v2.3.3","v2.3.4","v2.3.5","v2.3.6","v2.3.7","v2.3.8","v2.3.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-19048.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}