Simditor through 2.3.21 allows DOM XSS via an onload attribute within a malformed SVG element.