SYM_JSTS_0074 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
OWASP | A07:2017 - Cross-Site Scripting (XSS) |
Confidence Level | Low |
Impact Level | Low |
Likelihood Level | Low |
Description
Hand-rolled sanitization that rewrites special HTML characters with replace or replaceAll is error-prone and easy to get subtly wrong: a string pattern passed to replace rewrites only the first occurrence, & and the quote characters that matter inside attribute values are often forgotten, escaping & after < and > double-encodes the entities just produced, and one escaper cannot be correct for every output context (HTML text, attribute values, JavaScript strings, URLs). Any missed case leaves the page vulnerable. It is safer to rely on the framework's automatic output encoding or a well-maintained library built for this purpose (for example DOMPurify when a subset of HTML must be allowed).
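The following is an added example, not code from the SymbioticSec rule page or database: two ad-hoc escapers of the kind this rule flags, beside a complete single-pass escaper, rendered into a constructed comment template so the failure modes can be compared on the same payloads. The function names, template and payloads are assumptions made for the demo.

```javascript
// Added example (not from the SymbioticSec rule page). Two ad-hoc HTML
// escapers of the kind SYM_JSTS_0074 flags, beside a complete one.
// Run with node; the template and payloads are constructed for the demo.

// Pitfall 1: String.prototype.replace with a string pattern rewrites only
// the first match, and '&' and the quote characters are never escaped.
function naiveEscape(input) {
  return String(input).replace('<', '&lt;').replace('>', '&gt;');
}

// Pitfall 2: global regexes, but '&' is escaped last, so the entities the
// first two passes produced are mangled into '&amp;lt;' / '&amp;gt;'.
// Quotes are still untouched, so attribute values remain injectable.
function wrongOrderEscape(input) {
  return String(input)
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/&/g, '&amp;');
}

// Complete escaper for HTML text and quoted attribute values: one pass,
// every occurrence, '&' included, so nothing is ever re-escaped.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical template with one quoted-attribute slot and one text slot,
// rendered with whichever escaper is under test.
function renderComment(author, body, escape) {
  return `<div class="comment" data-author="${escape(author)}">${escape(body)}</div>`;
}

// Constructed payloads: a second tag after a harmless first one (defeats
// first-occurrence replace) and an attribute-boundary breakout.
const BODY_PAYLOAD = '<b>hi</b><script>alert(1)</script>';
const AUTHOR_PAYLOAD = 'x" onmouseover="alert(1)';

// Demo oracle: does the rendered markup still contain a raw script tag or a
// closed-and-reopened attribute? A real test would parse the HTML instead.
function injectionSurvives(html) {
  return /<script\b/i.test(html) || /" onmouseover="/.test(html);
}

// Render the payloads through each escaper and report whether the
// injection survived. Returns the results so they can be checked.
function demo() {
  const results = {};
  const escapers = { naiveEscape, wrongOrderEscape, escapeHtml };
  for (const [name, esc] of Object.entries(escapers)) {
    const html = renderComment(AUTHOR_PAYLOAD, BODY_PAYLOAD, esc);
    results[name] = { html, injected: injectionSurvives(html) };
    console.log(`${name}: injected=${results[name].injected}\n  ${html}`);
  }
  return results;
}

demo();
```

Note that escapeHtml above is itself hand-written; it is shown only to make the missing cases concrete. It is correct for HTML text nodes and quoted attribute values, and for nothing else: a value placed inside a JavaScript string, a URL, or a CSS rule needs that context's encoder. In browser code, setting textContent instead of innerHTML avoids the question for plain text, and DOMPurify is the usual choice when some markup must be allowed through.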
Impact
If user input reaches the generated page without correct output encoding, attackers can inject scripts (XSS) that run in other users' browsers, leading to data theft, session hijacking, or defacement of your web application. This can compromise user trust, expose sensitive information, and damage your organization's reputation.