Property
Language	regex
Severity
CWE	CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP	A07:2017 - Cross-Site Scripting (XSS)
Confidence Level	Low
Impact Level	Medium
Likelihood Level	Low

Description

Using unescaped variables with ‘&attributes’ in Pug templates can let untrusted data be injected directly into HTML attributes. This opens the door for attackers to insert malicious scripts if external data is passed here.

Impact

If exploited, an attacker could execute JavaScript in users’ browsers (XSS), potentially stealing session cookies, impersonating users, or defacing the site. This can lead to data breaches, loss of user trust, and compliance issues for your application.

Property
Language	regex
Severity
CWE	CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP	A07:2017 - Cross-Site Scripting (XSS)
Confidence Level	Low
Impact Level	Medium
Likelihood Level	Low

Description

Using unescaped output (with ‘!=’ or ‘!{…}’) in Pug templates directly inserts data into HTML without any filtering. If this includes user-controlled or external data, it can allow attackers to inject malicious scripts into your pages.

Property
Language	regex
Severity
CWE	CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP	A07:2017 - Cross-Site Scripting (XSS)
Confidence Level	Low
Impact Level	Medium
Likelihood Level	Low

Description

Using unsanitized template variables directly in the ‘href’ attribute of anchor tags can let attackers inject malicious links, such as those starting with ‘javascript:’. This exposes your application to cross-site scripting (XSS) attacks.

Impact

If exploited, an attacker could execute arbitrary JavaScript in the user’s browser, potentially stealing session cookies, user data, or performing actions on behalf of the user. This can lead to account compromise, data leaks, or unauthorized actions within your application.

Property
Language	generic
Severity
CWE	CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP	A07:2017 - Cross-Site Scripting (XSS)
Confidence Level	Low
Impact Level	Medium
Likelihood Level	Low

Description

Detected a template variable used in a script tag. Although template variables are HTML escaped, HTML escaping does not always prevent cross-site scripting (XSS) attacks when used directly in JavaScript. If you need this data on the rendered page, consider placing it in the HTML portion (outside of a script tag). Alternatively, use a JavaScript-specific encoder, such as the one available in OWASP ESAPI.

Property
Language	generic
Severity
CWE	CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP	A07:2017 - Cross-Site Scripting (XSS)
Confidence Level	Low
Impact Level	Medium
Likelihood Level	Low

Description

Detected a template variable used as the ‘src’ in a script tag. Although template variables are HTML escaped, HTML escaping does not always prevent malicious URLs from being injected and could results in a cross-site scripting (XSS) vulnerability. Prefer not to dynamically generate the ‘src’ attribute and use static URLs instead. If you must do this, carefully check URLs against an allowlist and be sure to URL-encode the result.

Property
Language	regex
Severity
CWE	CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP	A07:2017 - Cross-Site Scripting (XSS)
Confidence Level	Low
Impact Level	Medium
Likelihood Level	Low

Description

The EJS template uses the ‘<%- … %>’ syntax to output unescaped content, which means any user-provided data rendered here will not be sanitized and could include malicious scripts. This exposes your application to cross-site scripting (XSS) attacks when external or unsanitized data is displayed without escaping.

Property
Language	regex
Severity
CWE	CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP	A07:2017 - Cross-Site Scripting (XSS)
Confidence Level	Low
Impact Level	Medium
Likelihood Level	Low

Description

Inserting user-controlled variables directly into the ‘href’ attribute of anchor tags can let attackers inject malicious links, such as those starting with ‘javascript:’. This can make your site vulnerable to cross-site scripting (XSS) attacks.

Impact

If exploited, attackers could execute arbitrary JavaScript in the user’s browser, leading to data theft, session hijacking, or site defacement. This compromises user trust and could expose sensitive information or allow further attacks against your application and its users.

Property
Language	regex
Severity
CWE	CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP	A07:2017 - Cross-Site Scripting (XSS)
Confidence Level	Low
Impact Level	Low
Likelihood Level	Low

Description

Rendering dynamic HTML using v-html in Vue can expose your application to cross-site scripting (XSS) attacks, especially if the content includes or is influenced by user input. This practice allows potentially unsafe code to be executed in the user’s browser.

Property
Language	generic
Severity
CWE	CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP	A07:2017 - Cross-Site Scripting (XSS)
Confidence Level	Medium
Impact Level	Medium
Likelihood Level	High

Description

The code includes URL parameters directly in Visualforce pages or scripts without escaping, allowing untrusted input to be rendered as part of the page. This exposes the application to Cross-Site Scripting (XSS) attacks because malicious users can inject harmful scripts through manipulated URLs.

Property
Language	generic
Severity
CWE	CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP	A07:2017 - Cross-Site Scripting (XSS)
Confidence Level	High
Impact Level	Medium
Likelihood Level	High

Description

The Visualforce Page is configured with an API version below 55, which does not enforce the required Content Security Policy (CSP) headers. Without these headers, the page is more vulnerable to cross-site scripting (XSS) attacks.

Impact

Attackers could inject malicious scripts into the page, potentially stealing user data, hijacking sessions, or performing unauthorized actions on behalf of users. This can lead to data breaches, account compromise, and loss of user trust in the application.