Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
| Property | |
|---|---|
| Language | generic |
| Severity |  |
| CWE | CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) |
| OWASP | A07:2017 - Cross-Site Scripting (XSS) |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
A template variable is being used as an HTML attribute value without quotes. This allows user input to be injected directly into the page, which can let attackers add malicious code.
Impact#
If exploited, an attacker could inject arbitrary JavaScript into your application, leading to cross-site scripting (XSS) attacks. This can result in stolen user data, compromised accounts, or further attacks against your users and systems.