SYM_HTML_0002 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
OWASP | A07:2017 - Cross-Site Scripting (XSS) |
Confidence Level | Low |
Impact Level | Medium |
Likelihood Level | Low |
Description
Assigning values directly to innerHTML or outerHTML can make your application vulnerable to Cross-Site Scripting (XSS) if the content includes user input. This allows attackers to inject malicious scripts into your web page.
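The following added example (not part of the original wiki entry or of the rule's own code) contrasts the flagged pattern with two safer alternatives. The function names are hypothetical, and `el` stands for any DOM element.

```javascript
// Added example; all function names here are hypothetical.

// FLAGGED PATTERN: the string is handed to the HTML parser, so any markup
// inside `name` becomes live DOM (elements, attributes, event handlers).
function renderGreetingUnsafe(el, name) {
  el.innerHTML = "<p>Hello, " + name + "</p>";
}

// FIX 1 (preferred when no markup is needed): textContent never invokes
// the HTML parser, so the value is always rendered as literal text.
function renderGreetingText(el, name) {
  el.textContent = "Hello, " + name;
}

// FIX 2 (markup is needed): escape every untrusted value before it is
// concatenated into HTML. This is only valid for element text and for
// QUOTED attribute values. It does not make a value safe inside <script>,
// <style>, event-handler attributes, or URL attributes such as href/src.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

function escapeHtml(value) {
  // Single pass, so the "&" of an emitted entity is never escaped twice.
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Tagged template: the literal parts written by the developer are trusted,
// every interpolated value is escaped.
function safeHtml(strings, ...values) {
  return strings.reduce(
    (out, part, i) => out + part + (i < values.length ? escapeHtml(values[i]) : ""),
    ""
  );
}

function renderGreetingEscaped(el, name) {
  el.innerHTML = safeHtml`<p>Hello, ${name}</p>`;
}
```

Because the rule matches the assignment itself, `renderGreetingEscaped` will still be reported; this fits the rule's Low confidence level, and such findings need a manual check that every interpolated value is escaped for its context.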
Impact
If exploited, attackers could execute arbitrary JavaScript in the user's browser, potentially stealing sensitive information, hijacking sessions, or performing actions on behalf of users. This can compromise user data, damage trust, and lead to broader security breaches.