Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) |
| OWASP | A07:2017 - Cross-Site Scripting (XSS) |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
Go’s text/template package does not automatically escape user-generated content, so using it to render HTML can produce unsafe output. This makes your web application vulnerable to Cross-Site Scripting (XSS) attacks.
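The difference described above, as an added example that is not part of the original rule page: the same template source is rendered once with text/template and once with html/template. The template, the `Data` type, the function names and the sample values are constructed for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	htmltemplate "html/template"
	texttemplate "text/template"
)

// One template source, parsed by both engines (constructed for this example).
const page = `<p title="{{.Name}}">{{.Comment}}</p>`

// Data holds user-generated content.
type Data struct{ Name, Comment string }

// Constructed sample input containing markup in both fields.
var sample = Data{Name: `x" onmouseover="y`, Comment: `<script>alert(1)</script>`}

// RenderText uses text/template, which inserts values verbatim.
func RenderText(d Data) (string, error) {
	t, err := texttemplate.New("page").Parse(page)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	err = t.Execute(&buf, d)
	return buf.String(), err
}

// RenderHTML uses html/template, which escapes each value for the
// context it lands in (attribute value, element text).
func RenderHTML(d Data) (string, error) {
	t, err := htmltemplate.New("page").Parse(page)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	err = t.Execute(&buf, d)
	return buf.String(), err
}

func main() {
	unsafe, _ := RenderText(sample)
	safe, _ := RenderHTML(sample)
	fmt.Println("text/template:", unsafe)
	fmt.Println("html/template:", safe)
}
```

Because the two packages share the same template syntax, switching the import is usually the whole fix for HTML output.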
Impact
If exploited, attackers can inject malicious scripts into your web pages, potentially stealing user data, hijacking sessions, or defacing your application. This can undermine user trust, compromise sensitive information, and expose your organization to security incidents.