Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) |
| OWASP | A07:2017 - Cross-Site Scripting (XSS) |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
jQuery's html() function inserts its argument into the page as raw HTML markup, so passing it untrusted content lets that content be rendered as markup and can lead to Cross-Site Scripting (XSS). If the input is not properly sanitized or escaped before reaching html(), attackers may execute malicious scripts in users' browsers.
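The following is an added example, not code from the original rule page: it models the string a jQuery `.html()` call would receive, first with the untrusted value concatenated directly (the vulnerable pattern) and then escaped first (the hardened pattern, equivalent to using `.text()` when no surrounding markup is needed), plus a small helper that flags tags the template never emitted. It runs under Node without jQuery; the payload is constructed for illustration.

```javascript
// Escape the five characters that can change HTML element or attribute context.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Vulnerable pattern: untrusted value concatenated into markup, then handed to
// a raw-HTML sink, e.g. $('#greeting').html(renderUnsafe(username)).
function renderUnsafe(username) {
  return '<p>Welcome, ' + username + '</p>';
}

// Hardened pattern: same template, value escaped before it reaches the sink.
// If no surrounding markup is needed, $('#greeting').text(username) is simpler.
function renderSafe(username) {
  return '<p>Welcome, ' + escapeHtml(username) + '</p>';
}

// Defender-side check: list element tags present in the rendered fragment that
// the template itself did not emit (here the template only emits <p>).
function injectedTags(html, allowed = ['p']) {
  const tags = [...html.matchAll(/<\/?([a-zA-Z][\w-]*)/g)]
    .map((m) => m[1].toLowerCase());
  return tags.filter((t) => !allowed.includes(t));
}

// Constructed sample input, not taken from any real incident.
const untrusted = '<script>alert(1)</script>';
console.log('unsafe :', renderUnsafe(untrusted), injectedTags(renderUnsafe(untrusted)));
console.log('safe   :', renderSafe(untrusted), injectedTags(renderSafe(untrusted)));
```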
Impact
If exploited, this vulnerability could let attackers steal user data, hijack user sessions, or perform actions on behalf of users. It can compromise the security and trust of your application, potentially leading to data breaches or defacement.