SYM_GEN_0037 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Property | Value |
---|---|
Language | regex |
Severity | |
CWE | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
OWASP | A07:2017 - Cross-Site Scripting (XSS) |
Confidence Level | Low |
Impact Level | Low |
Likelihood Level | Low |
Description
Rendering dynamic HTML using v-html in Vue can expose your application to cross-site scripting (XSS) attacks, especially if the content includes or is influenced by user input. This practice allows potentially unsafe code to be executed in the user's browser.
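To review a codebase for the pattern described above, the following added example (not the SYM_GEN_0037 rule itself, and not code from the Symbiotic database) lists every `v-html` binding in a Vue template with its line number and bound expression, so each one can be checked for user-influenced input. The regular expression, the `findVHtml` helper and the sample template are assumptions constructed for this illustration.

```javascript
// Added example: the pattern below is an assumption, not the project's own regex.
// It matches the v-html directive used as an attribute with a quoted expression.
// The lookbehind rejects names that merely end in "v-html" (e.g. data-v-html).
const V_HTML = /(?<![\w-])v-html\s*=\s*(?:"([^"]*)"|'([^']*)')/g;

// Hypothetical helper: returns one finding per v-html binding in a template string.
function findVHtml(source) {
  // Blank out HTML comments but keep newlines, so commented-out markup is not
  // reported and line numbers of the remaining text stay correct.
  const visible = source.replace(/<!--[\s\S]*?-->/g, (c) => c.replace(/[^\n]/g, " "));
  const findings = [];
  for (const m of visible.matchAll(V_HTML)) {
    const line = visible.slice(0, m.index).split("\n").length;
    findings.push({ line, expression: (m[1] ?? m[2]).trim() });
  }
  return findings;
}

// Constructed sample template (not taken from any real project).
const SAMPLE = `<template>
  <div>
    <p>{{ comment.body }}</p>
    <div v-html="comment.body"></div>
    <!-- <span v-html="old.value"></span> -->
    <section
      class="bio"
      v-html = 'user.bio'
    />
  </div>
</template>`;

// Line 3 uses text interpolation, which Vue escapes, so it is not reported.
// Lines 4 and 8 render the bound value as raw HTML and need manual review.
for (const f of findVHtml(SAMPLE)) {
  console.log(`line ${f.line}: v-html bound to "${f.expression}"`);
}
```

A finding is a review prompt, not a confirmed vulnerability: whether it is exploitable depends on where the bound expression's value comes from.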
Impact
If exploited, attackers could inject malicious scripts into your site, leading to data theft, session hijacking, or unauthorized actions on behalf of users. This can compromise user trust, leak sensitive information, and potentially damage your application's reputation.