SYM_RB_0078 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| OWASP | A07:2017 - Cross-Site Scripting (XSS) |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | High |
Description
User input is inserted directly into manually constructed HTML strings without proper sanitization. If the input contains markup or script, the browser interprets it as part of the page instead of displaying it as text.
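The pattern described above next to a hardened form, as an added example that is not part of the original page or the rule's own code. It assumes Ruby (the page leaves the language blank), and all method names and sample values are hypothetical; it goes slightly beyond the description by also covering the attribute and URL contexts.

```ruby
require "erb"
require "uri"

# Constructed sample inputs for illustration (not taken from the page).
SAMPLE_NAME = %q{<img src=x onerror="alert(1)">}
SAMPLE_URL  = "https://example.com/u?a=1&b=2"

# The flagged pattern: user input interpolated straight into hand-built HTML.
def greeting_unsafe(name)
  "<p>Hello, #{name}!</p>"
end

# Hardened: HTML-encode the value where it is written into the markup.
# ERB::Util.html_escape encodes & < > " and '.
def greeting_safe(name)
  "<p>Hello, #{ERB::Util.html_escape(name)}!</p>"
end

# Encoding does not neutralize a dangerous URL scheme, so href values are
# allow-listed to http/https first; anything else falls back to "#".
def safe_href(url)
  uri = URI.parse(url.to_s)
  %w[http https].include?(uri.scheme&.downcase) ? uri.to_s : "#"
rescue URI::InvalidURIError
  "#"
end

# Attribute and text contexts are both encoded; the attribute is always quoted.
def profile_link_safe(name, url)
  href = ERB::Util.html_escape(safe_href(url))
  "<a href=\"#{href}\">#{ERB::Util.html_escape(name)}</a>"
end

if __FILE__ == $PROGRAM_NAME
  puts greeting_unsafe(SAMPLE_NAME)                     # markup passes through
  puts greeting_safe(SAMPLE_NAME)                       # markup rendered as text
  puts profile_link_safe(SAMPLE_NAME, SAMPLE_URL)
  puts profile_link_safe("bob", "javascript:alert(1)")  # href falls back to "#"
end
```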
Impact
If exploited, attackers could inject malicious scripts into your application's web pages (Cross-Site Scripting/XSS), allowing them to steal user data, hijack sessions, or perform actions on behalf of users, potentially compromising sensitive information and user trust.