SYM_GEN_0301 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

| Property | Value |
|---|---|
| Language | generic |
| Severity | low |
| CWE | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| OWASP | A07:2017 - Cross-Site Scripting (XSS) |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |

Description

Rendering serialized JSON directly into an HTML page with @Html.Raw, without encoding it for the script context, exposes the application to cross-site scripting (XSS). Because @Html.Raw suppresses Razor's automatic HTML encoding, a sequence such as </script> inside a JSON string value terminates the script block early, and an attacker who controls that value can inject their own markup and script.
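The following is an added example, not code from the wiki entry: it models the server-side `<script>var data = @Html.Raw(json);</script>` pattern in Node.js, showing the raw rendering beside a hardened serializer that escapes the characters able to end the script context. The profile object and helper names are constructed for the illustration.

```javascript
// Added example: server-side rendering of JSON into a <script> block.
// The "raw" path mirrors @Html.Raw(json); the safe path escapes the
// characters that can terminate the script context or break JS parsing.

// Constructed untrusted input: a user-controlled field that carries a
// script-closing sequence followed by attacker markup.
const untrustedProfile = {
  name: 'Alice',
  bio: '</script><script>alert(1)</script>',
};

// Vulnerable: JSON.stringify alone leaves "<" and ">" untouched, so the
// browser's HTML parser sees "</script>" inside the string literal and
// ends the script block early. Equivalent to @Html.Raw(serialized).
function renderRaw(data) {
  return `<script>var profile = ${JSON.stringify(data)};</script>`;
}

// Hardened: replace every character meaningful to the HTML parser, plus
// the JS line terminators U+2028/U+2029, with a JSON \uXXXX escape. The
// output is still valid JSON and a valid JS object literal, so the
// browser decodes it back to the original value.
function jsonForScript(data) {
  return JSON.stringify(data).replace(/[<>&\u2028\u2029]/g, (ch) =>
    '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

function renderSafe(data) {
  return `<script>var profile = ${jsonForScript(data)};</script>`;
}

// Detection check: does the script body contain a premature terminator?
// The HTML parser matches "</script" case-insensitively, so the test does too.
function containsScriptBreakout(html) {
  const body = html.slice('<script>'.length, html.lastIndexOf('</script>'));
  return /<\/script/i.test(body);
}
```

In the ASP.NET setting the page describes, the same effect comes from a serializer that escapes HTML-sensitive characters (System.Text.Json does so by default; Json.NET needs `StringEscapeHandling.EscapeHtml`) rather than from @Html.Raw over an unencoded string.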

Impact

If exploited, attackers could execute arbitrary JavaScript in users' browsers, leading to data theft, session hijacking, or defacement. This compromises user trust and may result in data breaches or legal consequences for your organization.
