SYM_JSTS_0025 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
OWASP | A07:2017 - Cross-Site Scripting (XSS) |
Confidence Level | Low |
Impact Level | Medium |
Likelihood Level | Low |
Description
Passing user-controlled data directly to the createNodesFromMarkup function can allow untrusted HTML or scripts to be injected into the page. This practice opens the door to cross-site scripting (XSS) attacks.
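The flagged pattern beside a hardened form, as an added example that is not part of the rule's own code. It assumes `createNodesFromMarkup` takes a markup string and builds DOM nodes from it; `escapeHtml`, `safeMarkup`, the `renderComment*` functions and the `recordMarkup` stand-in are hypothetical names, and the input string is constructed.

```javascript
// Added example. Assumption: createNodesFromMarkup(markup) parses a markup
// string into DOM nodes. It is injected as `createNodes` so the file runs in
// Node without a DOM.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Neutralize the characters that let text break out of element content
// or out of a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Tagged template (hypothetical helper): the literal parts are developer-written
// markup and pass through; every interpolated value is escaped.
function safeMarkup(strings, ...values) {
  return strings.reduce(
    (out, part, i) => out + part + (i < values.length ? escapeHtml(values[i]) : ''),
    ''
  );
}

// Pattern the rule flags: user data concatenated straight into markup.
function renderCommentUnsafe(createNodes, comment) {
  return createNodes('<p class="comment">' + comment + '</p>');
}

// Hardened form: the same markup, with the user value escaped before parsing.
function renderCommentSafe(createNodes, comment) {
  return createNodes(safeMarkup`<p class="comment">${comment}</p>`);
}

// Stand-in for createNodesFromMarkup that returns the markup it was handed,
// so the difference between the two calls is visible without a browser.
const recordMarkup = (markup) => markup;

// Constructed sample input containing an element with an event handler.
const constructedInput = '<img src=x onerror="alert(1)">';

function demo() {
  return {
    unsafe: renderCommentUnsafe(recordMarkup, constructedInput),
    safe: renderCommentSafe(recordMarkup, constructedInput),
  };
}

console.log(demo());
```

This escaping covers element content and quoted attribute values only; user data placed in URL attributes, inline scripts or styles needs context-specific validation instead.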
Impact
If exploited, an attacker could execute malicious scripts in users' browsers, potentially stealing session cookies, accessing sensitive data, or performing actions on behalf of users. This compromises user security and trust, and could lead to data breaches or regulatory issues.