SYM_PY_0103 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| OWASP | A07:2017 - Cross-Site Scripting (XSS) |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | High |
Description
User input is being included directly in an HTML response without proper sanitization or escaping. This allows attackers to inject malicious scripts into the returned HTML, creating a cross-site scripting (XSS) vulnerability.
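The following is an added illustration of the pattern this entry describes, not code from the Symbiotic database or from any flagged project. It places a vulnerable render function (untrusted input interpolated straight into HTML) next to its corrected form, which neutralizes HTML metacharacters with the standard library's `html.escape` before the value reaches the response. The function names and the sample input are constructed for the example.

```python
import html

# Constructed sample of untrusted input, e.g. a query-string or form parameter.
UNTRUSTED_NAME = "<script>alert(1)</script>"


def render_greeting_unsafe(name: str) -> str:
    """Vulnerable (CWE-79): the value is inserted verbatim into element content,
    so any markup the user supplies becomes part of the page."""
    return f"<p>Hello, {name}!</p>"


def render_greeting_safe(name: str) -> str:
    """Fixed: escape &, <, >, \" and ' so the browser renders the value as text."""
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


def render_search_box_safe(query: str) -> str:
    """Same neutralization for a double-quoted attribute value. quote=True is
    required here; without it a '\"' in the input could close the attribute."""
    return f'<input type="text" name="q" value="{html.escape(query, quote=True)}">'


def input_survives_as_markup(rendered: str, untrusted: str) -> bool:
    """Simple check used in review: if the raw untrusted string (containing
    markup characters) appears unchanged in the output, it was not neutralized."""
    has_metachars = any(c in untrusted for c in '<>"\'&')
    return has_metachars and untrusted in rendered


if __name__ == "__main__":
    print(render_greeting_unsafe(UNTRUSTED_NAME))   # markup reaches the page
    print(render_greeting_safe(UNTRUSTED_NAME))     # rendered as literal text
    print(render_search_box_safe('"Bob" <b>'))
```

`html.escape` is the right tool only for element content and quoted attribute values; a value placed inside a `<script>` block, a JavaScript event handler, a URL, or a CSS property needs a context-specific encoder, and a template engine with autoescaping enabled (Jinja2 under Flask, Django templates) is the more robust default than hand-escaping each interpolation.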
Impact
If exploited, attackers could execute arbitrary JavaScript in users' browsers, potentially stealing session cookies, user credentials, or sensitive data. This can lead to account compromise, data theft, and loss of user trust in the application.