DOMPurify 2.0.1 and Earlier: XSS Vulnerability via innerHTML Mutation (mXSS) in SVG or MATH Element

CVE-2019-16728 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari.
