SYM_JSTS_0009 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| OWASP | A07:2017 - Cross-Site Scripting (XSS) |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
Assigning dynamic or user-provided values directly to DOM properties like innerHTML or outerHTML in React can allow malicious scripts to be injected and executed. Always sanitize any HTML content before inserting it into the DOM.
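The flagged assignment beside three ways to remediate it, as an added example (not code from this rule or from the Symbiotic database). The function names, the `ref` stand-in and the sample string are constructed for illustration, and `sanitize` is assumed to be an injected HTML sanitizer such as DOMPurify's `sanitize`.

```javascript
// Added example. All names here are hypothetical; `ref` mimics a React ref
// ({ current: element }) so the functions also run outside a browser.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Flagged pattern: the browser parses user-controlled text as markup.
function showBioUnsafe(ref, bio) {
  ref.current.innerHTML = '<p class="bio">' + bio + '</p>';
}

// Fix 1: the value is plain text, so textContent stores it without parsing.
function showBioText(ref, bio) {
  ref.current.textContent = String(bio);
}

// Fix 2: the value must sit inside a markup template, so encode it first.
function showBioEscaped(ref, bio) {
  ref.current.innerHTML = '<p class="bio">' + escapeHtml(bio) + '</p>';
}

// Fix 3: rich HTML is intended, so pass it through a vetted sanitizer.
// `sanitize` is injected (assumption: e.g. DOMPurify.sanitize in the browser).
function showBioSanitized(ref, bio, sanitize) {
  if (typeof sanitize !== 'function') {
    throw new TypeError('an HTML sanitizer function is required');
  }
  ref.current.innerHTML = sanitize(String(bio));
}

// Constructed sample input and a stand-in element for running under Node.
const sampleBio = '<img src=x onerror=alert(1)>';
const fakeRef = () => ({ current: { innerHTML: '', textContent: '' } });

const unsafe = fakeRef();
showBioUnsafe(unsafe, sampleBio);
console.log('unsafe :', unsafe.current.innerHTML);

const escaped = fakeRef();
showBioEscaped(escaped, sampleBio);
console.log('escaped:', escaped.current.innerHTML);
```

In a React component the same choice usually appears as rendering the value as a JSX child (text) instead of writing to `ref.current.innerHTML`.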
Impact
If exploited, attackers could execute arbitrary JavaScript in users' browsers, leading to data theft, account compromise, or defacement of your site. This cross-site scripting (XSS) vulnerability can undermine user trust and expose sensitive information.