SYM_GEN_0006 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| Property | Value |
|---|---|
| Language | generic |
| Severity | |
| CWE | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| OWASP | A07:2017 - Cross-Site Scripting (XSS) |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Interpolating untrusted variables directly into JavaScript template strings within HTML templates allows attackers to inject malicious scripts. This exposes the application to cross-site scripting (XSS) vulnerabilities if user input is not properly escaped.
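The pattern described above, next to a hardened form, as an added example that is not part of the rule's own source. The function names (`renderUnsafe`, `htmlEscape`, `toScriptSafeJson`, `renderSafe`, `evaluateGreeting`) and the sample inputs are hypothetical and constructed for illustration. It also shows that HTML-entity escaping alone does not neutralize input placed inside a template string.

```javascript
// Flagged pattern: an untrusted value is dropped inside a JavaScript
// template string that lives in a <script> block of an HTML template.
function renderUnsafe(displayName) {
  return "<script>const greeting = `Hello " + displayName + "`;</script>";
}

// HTML-entity escaping as many template engines apply it by default.
// It leaves `${`, backticks and backslashes untouched, so it does not
// protect a value that ends up inside a template string.
function htmlEscape(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened form: serialize the value as a JSON string literal, then
// \u-escape the characters the HTML parser or older JS engines treat
// specially, so the value can neither close the <script> element nor
// leave the string literal.
function toScriptSafeJson(value) {
  const json = JSON.stringify(value) || "null"; // undefined serializes to nothing
  return json.replace(/[<>&\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
}

function renderSafe(displayName) {
  return "<script>const greeting = 'Hello ' + " + toScriptSafeJson(displayName) + ";</script>";
}

// Test helper: run the script body the way a browser would and return
// the resulting value, to see whether the input stayed data or became code.
function evaluateGreeting(html) {
  const body = html.slice("<script>".length, html.indexOf("</script>"));
  return new Function(body + " return greeting;")();
}

// Constructed sample inputs: a harmless arithmetic expression stands in
// for attacker-controlled script, plus a value containing a closing tag.
for (const input of ["${7*6}", "</script><b>"]) {
  console.log(JSON.stringify(input), "->", renderSafe(input));
}
```

Passing values through a `data-` attribute or a JSON `<script type="application/json">` block and reading them from script avoids the interpolation entirely.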
Impact
If exploited, an attacker could execute arbitrary JavaScript in users' browsers, leading to theft of sensitive data, session hijacking, or manipulation of site content. This can compromise user accounts, damage trust, and potentially allow further attacks on your application or its users.