Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
| Property | Value |
|---|---|
| Language | regex |
| Severity | |
| CWE | CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) |
| OWASP | A07:2017 - Cross-Site Scripting (XSS) |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Inserting user-controlled variables directly into the ‘href’ attribute of anchor tags can let attackers inject malicious links, such as those starting with ‘javascript:’. This can make your site vulnerable to cross-site scripting (XSS) attacks.
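One way to guard an `href` built from user input, shown as an added example that is not part of this rule or the original page. The names `ALLOWED_SCHEMES`, `normaliseUrl`, `safeHref`, `escapeAttr` and `renderLink`, the allowed scheme list and the `"#"` fallback are assumptions made for illustration.

```javascript
// Added example (not from the rule): validate the scheme of a user-supplied
// URL, then escape it for the attribute context. The allow-list and the "#"
// fallback are assumptions; adjust them to what the application really links to.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);

// Browsers strip leading/trailing C0 control characters and spaces and drop
// ASCII tab/CR/LF anywhere in a URL before parsing it, so a scheme split by a
// tab or preceded by spaces still resolves. Normalise the same way first.
function normaliseUrl(raw) {
  return String(raw)
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\n\r]/g, "");
}

function safeHref(raw, fallback = "#") {
  const url = normaliseUrl(raw);
  // RFC 3986 scheme: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) then ":".
  const m = /^([a-zA-Z][a-zA-Z0-9+.-]*):/.exec(url);
  if (m) {
    // Scheme comparison is case-insensitive; anything off the list is dropped.
    return ALLOWED_SCHEMES.has(m[1].toLowerCase() + ":") ? url : fallback;
  }
  // No scheme: treat as a relative reference, but refuse "//host" (and the
  // backslash forms browsers read the same way), which leave the site.
  return /^[/\\]{2}/.test(url) ? fallback : url;
}

// Escaping is still required after validation: it stops the value breaking
// out of the quoted attribute, and escaping "&" keeps character references
// in the input from being decoded into a scheme by the HTML parser.
function escapeAttr(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

function renderLink(userUrl, text) {
  return `<a href="${escapeAttr(safeHref(userUrl))}">${escapeAttr(text)}</a>`;
}

// Constructed sample input.
console.log(renderLink("https://example.com/profile?id=7", "Profile"));
```

Validation and escaping address different problems, so both are applied: the scheme check rejects script-bearing URLs, and the attribute escaping keeps an allowed URL from closing the attribute.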
Impact
If exploited, attackers could execute arbitrary JavaScript in the user’s browser, leading to data theft, session hijacking, or site defacement. This compromises user trust and could expose sensitive information or allow further attacks against your application and its users.