Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
| Property | |
|---|---|
| Language | generic |
| Severity |  |
| CWE | CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) |
| OWASP | A07:2017 - Cross-Site Scripting (XSS) |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
Using template variables directly inside tags can allow untrusted data to be interpreted as JavaScript code. HTML escaping does not fully protect against cross-site scripting (XSS) when injecting data into scripts.
Impact#
If exploited, attackers could inject malicious JavaScript into your page, enabling them to steal user data, hijack sessions, or manipulate site content. This can compromise user accounts and damage trust in your application.