SYM_JSTS_0121 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| OWASP | A07:2017 - Cross-Site Scripting (XSS) |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
User input is inserted directly into an HTML response without sanitization or output encoding. This can allow attackers to inject malicious scripts into web pages returned by your AWS Lambda function.
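The flagged pattern next to a hardened form, as an added example that is not part of the rule's own test cases. It assumes an API Gateway proxy event (`queryStringParameters`); the function names and the sample event are hypothetical.

```javascript
// Added example; function names and the sample event are hypothetical.
// Event shape: API Gateway proxy integration (queryStringParameters may be null).

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Read the user-controlled parameter, tolerating a request with no query string.
function readName(event) {
  return (event.queryStringParameters || {}).name || 'guest';
}

// Flagged pattern: the parameter reaches the HTML body unencoded.
function unsafeResponse(event) {
  return {
    statusCode: 200,
    headers: { 'Content-Type': 'text/html; charset=utf-8' },
    body: `<h1>Hello, ${readName(event)}</h1>`,
  };
}

// Hardened form: encode at the point of output, with a restrictive CSP as a second layer.
function safeResponse(event) {
  return {
    statusCode: 200,
    headers: {
      'Content-Type': 'text/html; charset=utf-8',
      'Content-Security-Policy': "default-src 'none'",
    },
    body: `<h1>Hello, ${escapeHtml(readName(event))}</h1>`,
  };
}

// Lambda entry point wrapping the hardened renderer.
const handler = async (event) => safeResponse(event);

// Constructed sample event carrying markup in the parameter.
const sampleEvent = { queryStringParameters: { name: '<script>alert(1)</script>' } };
console.log(unsafeResponse(sampleEvent).body); // markup passes through as markup
console.log(safeResponse(sampleEvent).body);   // markup is rendered as text
```

`escapeHtml` covers HTML text and quoted-attribute contexts only; values placed inside a script block, a URL or a style attribute need encoding specific to that context.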
Impact
If exploited, attackers could execute scripts in users' browsers (cross-site scripting), steal session cookies or sensitive data, deface web pages, or perform actions on behalf of users, putting both user accounts and organizational data at risk.