SYM_JSTS_0152 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Server-Side Request Forgery (SSRF)
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-918: Server-Side Request Forgery (SSRF) |
OWASP | A10:2021 - Server-Side Request Forgery (SSRF) |
Confidence Level | Low |
Impact Level | Low |
Likelihood Level | Low |
Description
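Passing untrusted user input directly to Playwright's setContent method can allow attackers to inject malicious HTML or scripts into a page that is rendered by a browser running on your server. That browser loads whatever the injected markup references, which can expose your server to unexpected outbound requests or manipulation.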
Impact
If exploited, attackers could trick your server into making requests to internal or external systems (SSRF), potentially gaining access to sensitive resources or enabling further attacks against your infrastructure.
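The pattern this rule flags, next to a hardened form, as an added example that is not taken from the Symbiotic database or from Playwright's documentation. The function names (escapeHtml, isRequestAllowed, renderUnsafe, renderSafe) and the report template are hypothetical; `page` is assumed to be a Playwright Page object.

```javascript
// Added example. Helper names and the template are hypothetical;
// `page` is assumed to be a Playwright Page.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode untrusted text so the browser renders it as text, not as markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Default-deny policy for requests made by the rendered page:
// only inline schemes pass, every network URL is refused.
function isRequestAllowed(url) {
  let scheme;
  try {
    scheme = new URL(url).protocol;
  } catch {
    return false; // unparseable URL: refuse
  }
  return scheme === 'data:' || scheme === 'about:';
}

// Flagged pattern: untrusted input is parsed as HTML by the server-side
// browser, which then fetches whatever that markup references.
async function renderUnsafe(page, userHtml) {
  await page.setContent(userHtml);
}

// Hardened form: install the request filter first, then render a fixed
// template in which the untrusted value appears only as escaped text.
async function renderSafe(page, userName) {
  await page.route('**/*', (route) =>
    isRequestAllowed(route.request().url()) ? route.continue() : route.abort());
  await page.setContent(
    `<!doctype html><h1>Report for ${escapeHtml(userName)}</h1>`);
}
```

If the template needs no scripting, creating the browser context with javaScriptEnabled: false removes script execution from the rendered page as well.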