Overview:
DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari.
Affected Product(s):
  • DOMPurify 2.0.0
Vulnerability Details:
CVE ID: CVE-2019-16728
The main security problem here is that a user can include malicious HTML/JavaScript code in the input and introduce XSS.

Solution: If you use DOMPurify, update it immediately to version 2.0.1 or newer.