SYM_JSTS_0091 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
# Improper Encoding or Escaping of Output

| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-116: Improper Encoding or Escaping of Output |
| OWASP | A03:2021 - Injection |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |

## Description
Interpolating variables directly into HTML template literals without encoding allows untrusted content to be rendered as markup rather than as text. If such a variable contains script or event-handler markup, the browser could execute it.
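The following is an added example written for this entry; it is not code from the Symbiotic database or from any project it describes. It puts the unencoded template literal beside a hardened version and adds a tagged template (`html`, an illustrative name) that encodes every substitution so the call to the encoder cannot be forgotten. The `escapeHtml` helper, the render functions and the sample display name are all constructed for the example.

```javascript
// Added example (not from the Symbiotic wiki): unencoded vs. encoded
// interpolation into an HTML template literal. All names are illustrative.

// Minimal HTML entity encoder. Safe for element text and for values
// placed inside double- or single-quoted attributes; it does NOT make a
// value safe as a URL, in a <script> block, or in an unquoted attribute.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;") // must run first so later entities are not re-encoded
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable pattern (CWE-116): untrusted `name` lands in the markup verbatim.
function renderGreetingUnsafe(name) {
  return `<p>Hello, ${name}!</p>`;
}

// Hardened: the interpolated value is encoded for the HTML text context.
function renderGreetingSafe(name) {
  return `<p>Hello, ${escapeHtml(name)}!</p>`;
}

// Tagged template that encodes every substitution automatically, so a
// developer cannot omit escapeHtml on one of several interpolations.
function html(strings, ...values) {
  return strings.reduce(
    (out, str, i) => out + str + (i < values.length ? escapeHtml(values[i]) : ""),
    ""
  );
}

// Two interpolations (element text and a quoted attribute), both encoded.
function renderProfile(user) {
  return html`<div class="profile"><h2>${user.name}</h2><a href="/u/${user.id}">profile</a></div>`;
}

// Constructed sample input standing in for an attacker-controlled display name.
const untrustedName = '<script>alert("xss")</script>';

// Stand-alone demo: prints the raw markup, then the two encoded renderings.
if (typeof require !== "undefined" && typeof module !== "undefined" && require.main === module) {
  console.log(renderGreetingUnsafe(untrustedName));
  console.log(renderGreetingSafe(untrustedName));
  console.log(renderProfile({ id: 42, name: untrustedName }));
}
```

In the unsafe rendering the `<script>` element survives intact and the browser parses it as markup; in the safe renderings it arrives as `&lt;script&gt;...`, which displays as literal text. The encoder above is only correct for text and quoted-attribute positions; values that become URLs, inline scripts or CSS need a context-specific encoder (or a templating library that applies one by default), which is the usual fix recommended for CWE-116.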
## Impact
If exploited, an attacker could inject malicious scripts (XSS) into your web page, leading to data theft, session hijacking, or unauthorized actions performed on behalf of users. This can compromise user accounts and damage application trust.