Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Property
Language
Severity
CWE	CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP	A07:2017 - Cross-Site Scripting (XSS)
Confidence Level	Low
Impact Level	Medium
Likelihood Level	Low

Description#

The code passes dynamically constructed or user-influenced strings directly to template.URL(), which does not escape input. This can allow untrusted data to be inserted into web pages as URLs without proper sanitization.

Impact#

If exploited, attackers could inject malicious JavaScript or crafted links, leading to cross-site scripting (XSS) attacks. This can result in data theft, session hijacking, or compromise of user accounts and sensitive information.

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

Description#

Impact#