Property
Language: javascript
Severity: medium
CWE: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
OWASP: A07:2017 - Cross-Site Scripting (XSS)
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Medium

Description

Using React's dangerouslySetInnerHTML with dynamic or user-provided data can expose your app to cross-site scripting (XSS) attacks. The value passed as __html is written into the DOM as raw markup rather than as escaped text, so if it has not been sanitized, any script it contains runs in the user's browser.
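To make the difference concrete, here is an added example (not code from the rule page) written in plain Node without React, JSX or DOMPurify: the two rendering paths are simulated as string templates, SAMPLE_COMMENT is constructed input, and findUnsafeInnerHtml is a hypothetical helper that flags the pattern this rule describes in source text.

```javascript
// Added example, not code from the rule page: a plain-Node model of the two ways
// a React component can render user-supplied comment text, plus a source check.
// Assumptions: no React/JSX/DOMPurify, so rendering is simulated with strings;
// SAMPLE_COMMENT is constructed input.

// What React does with a text child: escape the HTML-significant characters.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: equivalent of <div dangerouslySetInnerHTML={{ __html: comment }} />.
// The string reaches the browser as markup, so tags and on* attributes in it are live.
function renderCommentUnsafe(comment) {
  return `<div class="comment">${comment}</div>`;
}

// Hardened: equivalent of <div>{comment}</div>. React escapes text children, so the
// same input is displayed literally and never parsed as markup.
function renderCommentSafe(comment) {
  return `<div class="comment">${escapeHtml(comment)}</div>`;
}

// Test-suite check over rendered output: a <script> tag or an element carrying an
// on* event-handler attribute means user data was interpreted as markup.
function containsActiveMarkup(html) {
  return /<script\b|<\w+[^>]*\son\w+\s*=/i.test(html);
}

// Static check in the spirit of this rule (hypothetical helper): report every
// __html value passed to dangerouslySetInnerHTML that is not a quoted string literal.
function findUnsafeInnerHtml(source) {
  const re = /dangerouslySetInnerHTML\s*=\s*\{\s*\{\s*__html\s*:\s*([^}]+?)\s*\}\s*\}/g;
  const findings = [];
  for (const m of source.matchAll(re)) {
    if (!/^(["']).*\1$/s.test(m[1])) findings.push(m[1]);
  }
  return findings;
}

// Constructed sample input: a comment that smuggles an event-handler attribute.
const SAMPLE_COMMENT = 'Nice post! <img src="x" onerror="alert(1)">';

console.log("unsafe:", renderCommentUnsafe(SAMPLE_COMMENT)); // the <img> is live
console.log("safe:  ", renderCommentSafe(SAMPLE_COMMENT));   // shown as literal text
console.log(findUnsafeInnerHtml('<div dangerouslySetInnerHTML={{ __html: comment }} />'));
```

If the HTML genuinely must be rendered as markup, run it through a real sanitizer such as DOMPurify before it reaches __html; the escaping path above is the right default when the content is only meant to be displayed as text.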

Impact

If exploited, attackers could steal user data, hijack sessions, or deface your site by executing malicious JavaScript in your users’ browsers. This compromises user trust and can lead to data breaches or compliance violations.