Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) |
| OWASP | A07:2017 - Cross-Site Scripting (XSS) |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
Allowing dangerous HTML, disabling HTML escaping, or insecurely customizing link or image URI handling in react-markdown can make your app vulnerable to cross-site scripting (XSS) attacks. This happens when untrusted user content is rendered without proper sanitization.
Impact#
An attacker could inject malicious scripts into your application, leading to stolen user data, session hijacking, or unauthorized actions performed on behalf of your users. This compromises user trust and could result in data breaches or regulatory penalties.