DOMPurify 2.0.1 and Earlier: XSS Vulnerability via innerHTML Mutation (mXSS) in SVG or MATH Element
CVE-2019-16728 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari.
Learn more about our Cis Benchmark Audit For Google Chrome.