SYM_JSTS_0012 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

| Property | Value |
| --- | --- |
| Language | javascript |
| Severity | low |
| CWE | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| OWASP | A07:2017 - Cross-Site Scripting (XSS) |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |

Description

Using unsanitized variables in the 'href' attribute of anchor tags in React can allow attackers to inject 'javascript:' URLs. This can enable cross-site scripting (XSS) attacks if user input is not properly validated.
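One way to validate a value before it reaches `href`, shown as an added example that is not part of the rule or the original page. The names `safeHref`, `ALLOWED_PROTOCOLS`, `BASE` and the sample values are assumptions made for illustration.

```javascript
// Added example. safeHref, ALLOWED_PROTOCOLS and BASE are hypothetical names.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:", "mailto:"]);
const BASE = "https://app.example/"; // constructed origin for resolving relative links

// Pattern this rule flags (JSX, shown as a comment for contrast):
//   <a href={user.website}>Website</a>
// Hardened form:
//   <a href={safeHref(user.website)}>Website</a>

function safeHref(input, fallback = "#") {
  if (typeof input !== "string") return fallback;
  let url;
  try {
    // The WHATWG URL parser lowercases the scheme and strips leading and
    // trailing whitespace, so the check below sees the scheme the browser
    // would act on rather than the raw string.
    url = new URL(input, BASE);
  } catch {
    return fallback; // unparseable input never reaches the attribute
  }
  // Allow-list the scheme; anything else (javascript:, data:, ...) is dropped.
  return ALLOWED_PROTOCOLS.has(url.protocol) ? url.href : fallback;
}

// Constructed sample inputs, not taken from the page.
const samples = [
  "https://example.com/a?b=1",
  "/profile/42",
  "mailto:user@example.com",
  "javascript:alert(1)",
  " JaVaScRiPt:alert(1)",
  "data:text/html,<b>x</b>",
  null,
];

for (const s of samples) {
  console.log(JSON.stringify(s), "->", safeHref(s));
}
```

Relative links come back resolved against `BASE`, so set it to the application's real origin. A string comparison such as `startsWith("javascript:")` would miss the mixed-case, space-prefixed sample, which is why the check runs on the parsed scheme.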

Impact

If exploited, an attacker could execute malicious JavaScript in the context of your users' browsers, potentially stealing sensitive data, hijacking sessions, or performing actions on behalf of users. This compromises both user security and the integrity of your application.