Description
Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements.