| Property | Value |
| --- | --- |
| Language | regex |
| Severity | low |
| CWE | CWE-116: Improper Encoding or Escaping of Output |
| OWASP | A03:2021 - Injection |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |

Description

This code uses JSP scriptlets (<% … %>) to embed Java directly in JSP files, which is outdated and makes code harder to maintain and secure. Scriptlets can easily introduce security flaws, especially related to improper handling of user input and output.

Impact

Attackers may exploit improper encoding or escaping in scriptlets to perform injection attacks, such as Cross-Site Scripting (XSS), potentially leading to data theft or compromise of user accounts. Continued use of scriptlets increases the risk of security mistakes that can affect the entire application.
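
As an added example (not this rule's own pattern and not code from the original page), the Python scanner below shows how a regex-based check can flag scriptlets, declarations and unescaped `<%= … %>` expressions while skipping JSP directives and comments. The names `TAG`, `find_scriptlets` and `SAMPLE_JSP` are assumptions, and the JSP input is constructed for illustration.

```python
import re

# Constructed sample JSP: a scriptlet, an unescaped expression tag, a declaration,
# and the JSTL <c:out> form that escapes its output and should not be flagged.
SAMPLE_JSP = '''<%@ page contentType="text/html;charset=UTF-8" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%-- legacy block: <% ignored inside a JSP comment %> --%>
<%
    String name = request.getParameter("name");
%>
<p>Hello, <%= name %></p>
<%! private int hits = 0; %>
<p>Hello, <c:out value="${param.name}"/></p>
'''

# JSP comments are matched first so that "<% ... %>" text inside them is consumed
# and never reported. The optional marker separates directives (@), expressions (=)
# and declarations (!) from plain scriptlets.
TAG = re.compile(r"<%--.*?--%>|<%(?P<kind>[@=!]?)(?P<body>.*?)%>", re.DOTALL)

KINDS = {"": "scriptlet", "=": "expression", "!": "declaration"}


def find_scriptlets(source):
    """Return (line, kind, java_code) for every tag that embeds Java in the page."""
    findings = []
    for match in TAG.finditer(source):
        kind = match.group("kind")
        if kind is None or kind == "@":
            # None: the comment alternative matched; "@": a page/taglib directive.
            continue
        line = source.count("\n", 0, match.start()) + 1
        code = " ".join(match.group("body").split())  # collapse whitespace
        findings.append((line, KINDS[kind], code))
    return findings


if __name__ == "__main__":
    for line, kind, code in find_scriptlets(SAMPLE_JSP):
        note = " (written to the response without encoding)" if kind == "expression" else ""
        print(f"line {line}: {kind}{note}: {code}")
```

The `<c:out>` line is not reported because it contains no scriptlet tag; that tag escapes XML special characters by default, which is the encoding step the `<%= name %>` form lacks.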