SYM_GEN_0009 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| Property | Value |
|---|---|
| Language | generic |
| Severity | |
| CWE | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| OWASP | A07:2017 - Cross-Site Scripting (XSS) |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
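A template variable is used as an HTML attribute value without surrounding quotes. In an unquoted attribute, whitespace ends the value, so untrusted user input rendered there is inserted directly into the tag and can extend it with further attributes, even when the template engine HTML-escapes the value. This leads to security issues if the input contains malicious code.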
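A minimal check for the pattern described above, as an added example that is not the rule shipped by this database. It assumes `{{ ... }}` template delimiters (Jinja2, Django or Mustache style); the function name and the sample template are constructed for illustration.

```python
import re

# Assumption: templates use {{ ... }} delimiters (Jinja2/Django/Mustache style).
TAG = re.compile(r"<[A-Za-z][^<>]*>")            # one opening tag, may span lines
QUOTED = re.compile(r'"[^"]*"|\'[^\']*\'')       # a quoted attribute value
UNQUOTED_ATTR = re.compile(
    r"""(?P<attr>[A-Za-z_:][-\w:.]*)   # attribute name
        \s*=\s*                        # equals sign
        (?P<expr>\{\{.*?\}\})          # template expression with no opening quote
    """,
    re.VERBOSE,
)

# Constructed sample template: lines 1 and 3 are the flagged pattern,
# line 2 is the corrected form of line 1, line 4 must not be flagged.
SAMPLE = """\
<a href={{ profile_url }}>profile</a>
<a href="{{ profile_url }}">profile</a>
<input type=text value={{ query }} class="{{ css }}">
<p title="ratio={{ ratio }}">{{ body }}</p>
"""


def find_unquoted_template_attrs(template):
    """Return (line, attribute, expression) for each unquoted template value."""
    findings = []
    for tag in TAG.finditer(template):
        line = template.count("\n", 0, tag.start()) + 1
        # Blank out quoted values so text inside them cannot match.
        bare = QUOTED.sub('""', tag.group(0))
        for m in UNQUOTED_ATTR.finditer(bare):
            findings.append((line, m.group("attr"), m.group("expr")))
    return findings


if __name__ == "__main__":
    for line, attr, expr in find_unquoted_template_attrs(SAMPLE):
        print(f"line {line}: {attr}={expr} should be {attr}=\"{expr}\"")
```

The check is regex-based and does not handle a `>` inside a template expression or other delimiter styles; quoting the attribute value is the fix, with the engine's contextual escaping still applied to the variable.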
Impact
If exploited, an attacker could inject JavaScript into your web page (Cross-Site Scripting/XSS), potentially stealing user data, hijacking sessions, or performing actions as the user. This can compromise both user accounts and the integrity of the application.