Cross-site scripting hack in DOMPurify 2.0.0
Overview : DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari. Affected Product(s) : DOMPurify 2.0.0 Vulnerability Details : CVE ID : CVE-2019-16728 The main security problem arising here is that the user might include malicious HTML/JavaScript code and […]