SYM_JSTS_0077 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| OWASP | A07:2017 - Cross-Site Scripting (XSS) |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
Assigning user-controlled data directly to an element's innerHTML allows attackers to inject malicious scripts into your web page. This makes your application vulnerable to cross-site scripting (XSS) attacks.
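The flagged pattern next to two remediations, as an added example that is not part of the original wiki page or the rule's own code. The function names, the element stand-in and the sample comment string are constructed for illustration.

```javascript
// Added example; all names and the sample input are hypothetical/constructed.

// Flagged pattern: user-controlled text reaches innerHTML and is parsed as markup.
function renderCommentUnsafe(el, comment) {
  el.innerHTML = comment;
}

// Fix 1: the value is plain text, so assign it as text. textContent never parses HTML.
function renderCommentSafe(el, comment) {
  el.textContent = comment;
}

// Fix 2: when surrounding markup is required, escape the HTML-significant
// characters in every interpolated value before building the string.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

function renderCommentWithMarkup(el, author, comment) {
  el.innerHTML =
    `<p class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(comment)}</p>`;
}

// Minimal stand-in for a DOM element so the example also runs under Node.
// In a browser, pass a real element such as document.getElementById('out').
function fakeElement() {
  return { innerHTML: '', textContent: '' };
}

// Constructed sample of attacker-supplied input.
const SAMPLE_COMMENT = '<img src=x onerror="alert(1)">';

function demo() {
  const unsafe = fakeElement();
  const safe = fakeElement();
  const templated = fakeElement();
  renderCommentUnsafe(unsafe, SAMPLE_COMMENT);   // markup reaches the HTML parser
  renderCommentSafe(safe, SAMPLE_COMMENT);       // stored as inert text
  renderCommentWithMarkup(templated, 'a&b', SAMPLE_COMMENT); // escaped before parsing
  return { unsafe: unsafe.innerHTML, safe: safe.textContent, templated: templated.innerHTML };
}

console.log(demo());
```

`escapeHtml` covers HTML text and quoted attribute values only; values placed in URLs, inline scripts or style contexts need encoding specific to that context.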
Impact
If exploited, an attacker could execute arbitrary JavaScript in users' browsers, potentially stealing session tokens, user data, or performing actions on behalf of users. This can lead to data breaches, account compromise, and loss of user trust.