SYM_JSTS_0125 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| OWASP | A07:2017 - Cross-Site Scripting (XSS) |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
User input is being directly inserted into HTML strings without proper sanitization or escaping. This approach can bypass secure HTML rendering methods and expose the application to cross-site scripting (XSS) attacks.
Impact
If exploited, an attacker could inject malicious scripts into your web pages, potentially stealing user data, hijacking sessions, or performing actions on behalf of users. This can lead to data breaches, compromised accounts, and damage to user trust.