SYM_JSTS_0154 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Server-Side Request Forgery (SSRF)
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-918: Server-Side Request Forgery (SSRF) |
| OWASP | A10:2021 - Server-Side Request Forgery (SSRF) |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
Passing untrusted user input directly to Playwright's addInitScript method allows attackers to inject and execute arbitrary scripts in browser contexts. This can expose your application to security risks if the input is not properly validated or sanitized.
Impact
If exploited, an attacker could execute malicious code in the browser, potentially leading to unauthorized data access, session hijacking, or performing actions as the user. This can compromise sensitive information, user accounts, or even allow the attacker to interact with internal resources via SSRF.
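
The pattern from the Description beside a hardened form, as an added example that is not part of the rule's own documentation: the fixed init function receives an allowlisted value through `addInitScript`'s `arg` parameter instead of through the script source. `setLocaleUnsafe`, `setLocaleSafe`, `ALLOWED_LOCALES`, `fakeContext` and the crafted input are hypothetical; `fakeContext` stands in for a Playwright `BrowserContext` so the code runs without a browser.

```javascript
// Added example; every name below is hypothetical.
const ALLOWED_LOCALES = new Set(['en', 'fr', 'de']);

// VULNERABLE: request data is concatenated into the script source itself.
async function setLocaleUnsafe(context, locale) {
  await context.addInitScript(`window.__APP_LOCALE = "${locale}";`);
}

// HARDENED: the script is a fixed function; the validated value travels as
// the serialized `arg` parameter, so it is data and never parsed as code.
async function setLocaleSafe(context, locale) {
  if (typeof locale !== 'string' || !ALLOWED_LOCALES.has(locale)) {
    throw new Error('locale not in allowlist');
  }
  await context.addInitScript((value) => { window.__APP_LOCALE = value; }, locale);
}

// Stand-in for a Playwright BrowserContext so the example runs offline.
// It mimics the page evaluating the init script, with a plain object
// playing the role of `window`.
function fakeContext() {
  const win = {};
  return {
    win,
    async addInitScript(script, arg) {
      const source = typeof script === 'function'
        ? `(${script.toString()})(${JSON.stringify(arg)})`
        : script;
      new Function('window', source)(win);
    },
  };
}

// Constructed input: closes the string literal and appends a statement.
const CRAFTED = 'en"; window.__injected = true; //';

async function demo() {
  const a = fakeContext();
  await setLocaleUnsafe(a, CRAFTED); // the appended statement runs
  const b = fakeContext();
  const rejected = await setLocaleSafe(b, CRAFTED).then(() => false, () => true);
  const c = fakeContext();
  await setLocaleSafe(c, 'fr');
  return { unsafeWin: a.win, rejectedWin: b.win, rejected, safeWin: c.win };
}
```
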