SYM_JSTS_0072 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Property Value
Language javascript
Severity high
CWE CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
OWASP A07:2017 - Cross-Site Scripting (XSS)
Confidence Level Medium
Impact Level Medium
Likelihood Level High

Description

User input is being directly inserted into HTML responses without proper sanitization. This allows attackers to inject malicious scripts (XSS) if the input is not trusted.

Impact

If exploited, attackers can execute arbitrary JavaScript in users' browsers, leading to data theft, session hijacking, or defacement of your application, potentially compromising user accounts and trust.