CVE-2018-6561 The dijit.Editor xss In source edit mode input xss payload <svg onload="alert(document.domain)">,and view,there is alert box