Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) |
| OWASP | A07:2017 - Cross-Site Scripting (XSS) |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Passing user-controlled data directly into jQuery methods like html(), append(), or similar DOM manipulation functions can allow malicious scripts to be injected into the page, because these methods parse their string argument as HTML rather than treating it as text. This creates a risk of Cross-Site Scripting (XSS) vulnerabilities if the input is not properly sanitized or escaped before it reaches such a sink.
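A worked example, added here and not part of the original page, showing the vulnerable append() pattern beside two hardened forms (setting the value with text(), or escaping it before it reaches an HTML-parsing sink). `$` is assumed to be jQuery loaded in a browser; the `escapeHtml` helper, the `#comments` selector and the sample input are constructed for the example.

```javascript
// Added example (not from the original page). `$` is assumed to be jQuery in the
// browser; the helpers below also return the markup so they can be checked without a DOM.

// Vulnerable: the user-controlled `name` is concatenated into a markup string and handed
// to .append(), which parses it as HTML, so any tags in `name` become live DOM nodes.
function renderCommentUnsafe(name) {
  const markup = '<li class="comment">' + name + '</li>';
  if (typeof $ !== 'undefined') $('#comments').append(markup); // jQuery HTML sink
  return markup;
}

// Hardened, option 1: create the element, then set the untrusted value with .text(),
// which assigns textContent and never parses markup. The returned string is the
// equivalent escaped markup for inspection.
function renderCommentSafe(name) {
  if (typeof $ !== 'undefined') {
    $('<li class="comment">').text(name).appendTo('#comments');
  }
  return '<li class="comment">' + escapeHtml(name) + '</li>';
}

// Hardened, option 2: escape the five HTML-significant characters before the value is
// ever placed into a string that an HTML-parsing sink will consume.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Constructed sample input: a comment author "name" carrying a markup payload.
const SAMPLE_NAME = '<img src=x onerror="alert(1)">';

// Detection helper for the comparison: does the markup still contain a raw <img tag?
function containsRawImgTag(markup) {
  return /<img\b/i.test(markup);
}

// In the unsafe path the payload survives as a tag; in the safe path it is inert text.
if (typeof module !== 'undefined') {
  module.exports = { renderCommentUnsafe, renderCommentSafe, escapeHtml, containsRawImgTag, SAMPLE_NAME };
}
```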
Impact
If exploited, attackers could execute arbitrary JavaScript in users' browsers, potentially stealing session cookies or user data, or performing actions on behalf of the user. This compromises user security and trust, and may lead to data breaches or further attacks on your application.