SYM_GO_0054 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

| Property | Value |
| --- | --- |
| Language | go |
| Severity | high |
| CWE | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| OWASP | A07:2017 - Cross-Site Scripting (XSS) |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | High |

Description

User input is inserted directly into manually built HTML strings without proper sanitization. This bypasses safe rendering methods and can allow malicious code to be injected into web pages.
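The pattern described above next to a corrected form, as an added example that is not taken from the rule database: the handler names, the `/greet` route, the `name` parameter and the probe string are assumptions made for illustration. The first handler formats request input into an HTML string; the second passes the same input through the standard library's `html/template`, which escapes it for the HTML context.

```go
package main

import (
	"fmt"
	"html/template"
	"net/http"
	"net/http/httptest"
	"strings"
)

// greetUnsafe builds HTML by string formatting: the pattern this rule flags.
// Whatever arrives in "name" becomes markup in the response.
func greetUnsafe(w http.ResponseWriter, r *http.Request) {
	name := r.URL.Query().Get("name")
	fmt.Fprintf(w, "<h1>Hello, %s</h1>", name)
}

// greetTmpl is parsed once; html/template escapes {{.}} for its HTML context.
var greetTmpl = template.Must(template.New("greet").Parse("<h1>Hello, {{.}}</h1>"))

// greetSafe passes the same input to the template as data, not as markup.
func greetSafe(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "text/html; charset=utf-8")
	if err := greetTmpl.Execute(w, r.URL.Query().Get("name")); err != nil {
		http.Error(w, "render error", http.StatusInternalServerError)
	}
}

// render runs a handler against a constructed request and returns the body.
func render(h http.HandlerFunc, name string) string {
	req := httptest.NewRequest(http.MethodGet, "/greet", nil)
	q := req.URL.Query()
	q.Set("name", name)
	req.URL.RawQuery = q.Encode()
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Body.String()
}

func main() {
	probe := "<b>x</b>" // constructed, harmless markup probe
	unsafe := render(greetUnsafe, probe)
	fmt.Println("unsafe:", unsafe)
	fmt.Println("safe:  ", render(greetSafe, probe))
	fmt.Println("markup reflected by unsafe handler:", strings.Contains(unsafe, "<b>"))
}
```

The same probe can serve as a regression test: a handler that returns the `<b>` tag unescaped is still building HTML by hand.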

Impact

If exploited, attackers could execute JavaScript in users' browsers (XSS), potentially stealing sensitive data like session cookies, impersonating users, or defacing your site. This can lead to data breaches and loss of user trust.