CVE-2019-16728 (dompurify)

DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari.
Source: NIST
CVE-2019-16728 (dompurify)