Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
| Property | Value |
|---|---|
| Language | generic |
| Severity | |
| CWE | CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) |
| OWASP | A07:2017 - Cross-Site Scripting (XSS) |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
A template variable is rendered directly inside a tag without JavaScript escaping. User-controlled input can therefore become part of the JavaScript code and run as script in the browser.
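The pattern this finding flags beside a hardened rendering, as an added illustration that is not part of the original finding text; the `<script>` template, the `name` variable and the sample input are all constructed for the example, and the encoder is a plain JSON-based one rather than any particular template engine's filter:

```python
import json

# Constructed sample input standing in for a template variable under user control.
# It mixes quotes, a tag closer and a JS line terminator (U+2028).
UNTRUSTED = 'O\'Brien said "hi" </script> \u2028next'


def render_unsafe(value: str) -> str:
    """Vulnerable pattern: the variable is interpolated straight into a <script>
    block with no JavaScript escaping (HTML escaping is bypassed or absent)."""
    return f'<script>var name = "{value}";</script>'


def js_string_literal(value: str) -> str:
    """Encode a Python string as a JavaScript string literal safe to embed in <script>.

    json.dumps (ensure_ascii=True by default) escapes quotes, backslashes, control
    characters and every non-ASCII code point, which covers U+2028/U+2029.
    JSON leaves '<', '>' and '&' untouched, so they are escaped as \\uXXXX too;
    otherwise a value containing '</script>' would terminate the script block
    before the JavaScript parser ever sees the string."""
    encoded = json.dumps(value)
    return (encoded.replace("<", "\\u003c")
                   .replace(">", "\\u003e")
                   .replace("&", "\\u0026"))


def render_safe(value: str) -> str:
    """Hardened pattern: emit the value as an escaped JS literal, quotes included."""
    return f"<script>var name = {js_string_literal(value)};</script>"


def script_block_intact(rendered: str) -> bool:
    """True when the only '</script' in the output is the one closing our block."""
    return rendered.lower().count("</script") == 1


if __name__ == "__main__":
    print("unsafe:", render_unsafe(UNTRUSTED))
    print("safe:  ", render_safe(UNTRUSTED))
    print("unsafe block intact:", script_block_intact(render_unsafe(UNTRUSTED)))
    print("safe block intact:  ", script_block_intact(render_safe(UNTRUSTED)))
```

Because the escapes are also valid JSON, `json.loads` can be used to confirm the encoded literal still decodes to the original value.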
Impact
If exploited, attackers could inject and execute arbitrary JavaScript in users’ browsers, leading to theft of sensitive data, session hijacking, or defacement of the site. This can compromise user accounts and damage trust in your application.