Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) |
| OWASP | A07:2017 - Cross-Site Scripting (XSS) |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
Using eval() in JavaScript can execute code from user input, which is dangerous because it may allow attackers to inject malicious scripts. This practice makes your application vulnerable to cross-site scripting (XSS) attacks.
Impact#
If exploited, attackers can run arbitrary JavaScript in users’ browsers, leading to data theft, session hijacking, defacement, or spreading malware. This compromises user trust and may result in data breaches or regulatory penalties.