SYM_PY_0199 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| OWASP | A07:2017 - Cross-Site Scripting (XSS) |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | High |
Description
User input is being directly inserted into manually constructed HTML strings instead of using Django templates or safe rendering methods. This practice can allow attackers to inject malicious scripts into your web pages.
Impact
If exploited, an attacker could execute JavaScript in the context of users' browsers (Cross-Site Scripting/XSS), potentially stealing session cookies, account data, or performing actions on behalf of users. This compromises both user data and trust in your application.