SYM_JSTS_0108 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Property Value
Language javascript
Severity low
CWE CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
OWASP A07:2017 - Cross-Site Scripting (XSS)
Confidence Level Low
Impact Level Low
Likelihood Level Low

Description

The code uses a variable with unknown or uncontrolled content inside a <script> tag. If this variable can be influenced by users, it may allow attackers to inject malicious JavaScript into your web page.

Impact

If exploited, this vulnerability could let attackers execute arbitrary scripts in users' browsers, leading to data theft, session hijacking, or manipulation of the website. This can compromise user accounts, leak sensitive information, and damage user trust in your application.

This content has been partially generated using AI and may contain some minor errors.

© 2025 Symbiotic Security. All rights reserved.

⚠️ **GitHub.com Fallback** ⚠️