Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package simditor, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2018-6464 — CVSS 6.1 (medium): Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a TEXTAREA element, as demonstrated by Firefox 54.0.1.