DOMPurify Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2019-16728 - Vulnerability Database
DOMPurify Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2019-16728
Medium
Reference:
CVE-2019-16728
Title:
DOMPurify Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:
DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element as demonstrated by Chrome and Safari.