Moderate severityNVD Advisory· Published Sep 24, 2019· Updated Aug 5, 2024
CVE-2019-16728
CVE-2019-16728
Description
DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
dompurifynpm | < 2.0.3 | 2.0.3 |
Affected products
2- DOMPurify/DOMPurifydescription
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-chqj-j4fh-rw7mghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-16728ghsaADVISORY
- lists.debian.org/debian-lts-announce/2020/10/msg00029.htmlghsamailing-listx_refsource_MLISTWEB
- research.securitum.com/dompurify-bypass-using-mxssghsaWEB
- research.securitum.com/dompurify-bypass-using-mxss/mitrex_refsource_MISC
- www.npmjs.com/advisories/1205ghsaWEB
News mentions
0No linked articles in our index yet.