Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Property	Value
Language
Severity
CWE	CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
OWASP	A07:2017 - Cross-Site Scripting (XSS)
Confidence Level	Low
Impact Level	Medium
Likelihood Level	Low

Description

Using eval() in JavaScript can execute code from user input, which is dangerous because it may allow attackers to inject malicious scripts. This practice makes your application vulnerable to cross-site scripting (XSS) attacks.

Impact

If exploited, attackers can run arbitrary JavaScript in users' browsers, leading to data theft, session hijacking, defacement, or spreading malware. This compromises user trust and may result in data breaches or regulatory penalties.