Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) |
| OWASP | A07:2017 - Cross-Site Scripting (XSS) |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
Using unsanitized variables in the ‘href’ attribute of anchor tags in React can allow attackers to inject ‘javascript:’ URLs. This can enable cross-site scripting (XSS) attacks if user input is not properly validated.
Impact#
If exploited, an attacker could execute malicious JavaScript in the context of your users’ browsers, potentially stealing sensitive data, hijacking sessions, or performing actions on behalf of users. This compromises both user security and the integrity of your application.