SYM_JAVA_0075 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Property | Value |
---|---|
Language | java |
Severity | |
CWE | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
OWASP | A07:2017 - Cross-Site Scripting (XSS) |
Confidence Level | Low |
Impact Level | Medium |
Likelihood Level | Low |
Description
The custom XSSRequestWrapper implementation tries to neutralize XSS at the input side: it wraps the incoming request and runs every parameter value through a blocklist of patterns (typically regular expressions for things like script tags, `javascript:` URLs or `eval(`), deleting whatever matches. Blocklists of this kind are routinely bypassed. Attackers use tags and event handlers the list does not name, split or nest tags so that removing the inner match reassembles the outer one, or encode characters in a form the regex does not match but the browser decodes. The same filter also corrupts legitimate input that happens to contain a blocked substring. More fundamentally, a request wrapper cannot know the context (HTML body, attribute, URL, JavaScript, CSS) in which the data will later be rendered, and the correct encoding depends on that context. The robust defence is contextual output encoding at the point of rendering (for example the OWASP Java Encoder), a maintained HTML sanitizer (for example the OWASP Java HTML Sanitizer) where rich markup must be accepted, and a Content Security Policy as defence in depth. Relying on hand-written filtering instead of such well-maintained libraries leaves the application vulnerable to XSS.
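As an added illustration (not code from the Symbiotic Vulnerability Database or from any particular XSSRequestWrapper implementation): a minimal blocklist filter of the kind described above, three constructed payloads that pass through it, one legitimate input it corrupts, and the contextual output-encoding approach that should replace it. The blocklist patterns, payloads and method names are illustrative assumptions; `encodeForHtml` is a minimal stand-in for a maintained encoder such as `org.owasp.encoder.Encode.forHtml`.

```java
import java.util.List;
import java.util.Locale;
import java.util.regex.Pattern;

// Added example, not from any project: shows why regex blocklist filtering of
// request parameters fails and what contextual output encoding looks like.
public class XssFilterDemo {

    // Illustrative blocklist in the style of XSSRequestWrapper-type code
    // (assumed patterns, not a specific project's list).
    private static final Pattern[] BLOCKLIST = {
        Pattern.compile("<script>(.*?)</script>", Pattern.CASE_INSENSITIVE),
        Pattern.compile("</script>", Pattern.CASE_INSENSITIVE),
        Pattern.compile("<script(.*?)>", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL),
        Pattern.compile("javascript:", Pattern.CASE_INSENSITIVE),
        Pattern.compile("onload(.*?)=", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL),
        Pattern.compile("eval\\((.*?)\\)", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL),
    };

    // The vulnerable approach: delete every match and pass the remainder on.
    static String stripXss(String value) {
        if (value == null) return null;
        String out = value;
        for (Pattern p : BLOCKLIST) {
            out = p.matcher(out).replaceAll("");
        }
        return out;
    }

    // The fix: leave input alone and encode at output for the HTML text /
    // quoted-attribute context. Minimal stand-in for Encode.forHtml().
    static String encodeForHtml(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (char c : value.toCharArray()) {
            switch (c) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                case '/':  sb.append("&#47;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // HTML body context: encoding alone is sufficient.
    static String renderGreeting(String name) {
        return "<p>Hello, " + encodeForHtml(name) + "</p>";
    }

    // URL attribute context: encoding cannot stop a javascript: URL, so the
    // scheme must be checked against an allowlist before the value is encoded.
    static String renderLink(String href, String text) {
        String candidate = href.trim();
        String lower = candidate.toLowerCase(Locale.ROOT);
        if (!(lower.startsWith("http://") || lower.startsWith("https://"))) {
            candidate = "#";
        }
        return "<a href=\"" + encodeForHtml(candidate) + "\">" + encodeForHtml(text) + "</a>";
    }

    public static void main(String[] args) {
        // Constructed payloads; each survives stripXss() in a form a browser will execute.
        List<String> payloads = List.of(
            "<img src=x onerror=alert(1)>",                      // handler not on the list
            "<scr<script>ipt>alert(1)</scr<script>ipt>",          // removing the inner tag rebuilds the outer one
            "<a href=\"JaVaScRiPt&#58;alert(1)\">x</a>",          // entity-encoded colon, browser decodes it
            "Please use eval(x) with care"                        // legitimate text the filter mangles
        );
        for (String p : payloads) {
            System.out.println("blocklist : " + p + "  ->  " + stripXss(p));
        }
        // Output encoding renders the same data inert instead of trying to clean it.
        System.out.println("encoded   : " + renderGreeting(payloads.get(0)));
        System.out.println("link      : " + renderLink("JaVaScRiPt&#58;alert(1)", "click"));
    }
}
```

Running the `main` method shows the first three payloads emerging from `stripXss` unchanged or, in the nested case, reassembled into a working `<script>` tag, while the harmless fourth input loses its `eval(x)`. The encoded rendering of the same data is displayed literally by the browser, and the link helper refuses the non-HTTP scheme rather than trying to recognise every spelling of `javascript:`.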
Impact
If exploited, an attacker can inject script into pages viewed by other users. Because the script runs in the application's origin, it can read session cookies and tokens that are not protected by HttpOnly, perform actions on the victim's behalf using their authenticated session, exfiltrate page contents and form data, or alter what the user sees to phish credentials. This compromises user trust, can result in data breaches, and may expose the organization to regulatory or reputational harm.