SYM_GEN_0021 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Property | Value |
---|---|
Language | generic |
Severity | |
CWE | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
OWASP | A07:2017 - Cross-Site Scripting (XSS) |
Confidence Level | Low |
Impact Level | Medium |
Likelihood Level | Low |
Description
User-controlled data is being directly inserted into the href attribute of an anchor tag. This allows attackers to inject malicious links, such as those starting with 'javascript:', leading to possible cross-site scripting (XSS) attacks.
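The flagged pattern next to a hardened form, as an added example that is not part of the rule or the project's own code: HTML-escaping leaves a `javascript:` value unchanged, so the fix is a scheme allow-list applied before escaping. The function names, the allow-list contents and the `https://app.example/` base are assumptions made for illustration.

```javascript
// Added example (not from the wiki page). Function names, the allow-list and
// the base URL are assumptions made for illustration.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);
const BASE = "https://app.example/"; // hypothetical origin used to resolve relative links

// Return a URL string that is safe to place in href, or "#" if the scheme is not allowed.
function safeHref(userInput) {
  let parsed;
  try {
    // The WHATWG URL parser lowercases the scheme and strips leading/trailing
    // whitespace, as a browser does, so the check sees what the browser will see.
    parsed = new URL(String(userInput), BASE);
  } catch {
    return "#"; // unparseable input never reaches the page
  }
  return ALLOWED_SCHEMES.has(parsed.protocol) ? parsed.href : "#";
}

// Escape a value for a double-quoted HTML attribute (also safe for text nodes).
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Flagged pattern: user-controlled data goes straight into href.
function renderLinkUnsafe(url, label) {
  return `<a href="${url}">${escapeAttr(label)}</a>`;
}

// Hardened: scheme allow-list first, then attribute escaping.
function renderLinkSafe(url, label) {
  return `<a href="${escapeAttr(safeHref(url))}">${escapeAttr(label)}</a>`;
}
```
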
Impact
If exploited, an attacker could execute arbitrary JavaScript in the user's browser, potentially stealing session cookies, compromising user accounts, or defacing the site. This can result in loss of user trust and potential legal or compliance issues for the organization.