Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
| Property | |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) |
| OWASP | A07:2017 - Cross-Site Scripting (XSS) |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
Rendering dynamic HTML using v-html in Vue can expose your application to cross-site scripting (XSS) attacks, especially if the content includes or is influenced by user input. This practice allows potentially unsafe code to be executed in the user’s browser.
Impact#
If exploited, attackers could inject malicious scripts into your site, leading to data theft, session hijacking, or unauthorized actions on behalf of users. This can compromise user trust, leak sensitive information, and potentially damage your application’s reputation.