Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
| Property | |
|---|---|
| Language | generic |
| Severity |  |
| CWE | CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) |
| OWASP | A07:2017 - Cross-Site Scripting (XSS) |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
Template variables are being directly inserted into HTML tags, allowing user input to influence the structure of the HTML. This can create a security risk if untrusted data is used, as it may enable attackers to inject malicious scripts.
Impact#
If exploited, an attacker could perform cross-site scripting (XSS) attacks, allowing them to steal user data, hijack user sessions, or manipulate web page content. This can compromise user accounts, damage trust, and potentially lead to broader system breaches.