Property
Language: javascript
Severity: low
CWE: CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP: A07:2017 - Cross-Site Scripting (XSS)
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Using user-controlled input directly as a jQuery selector (e.g., $('…')) can allow malicious users to inject code into your page. This makes your application vulnerable to cross-site scripting (XSS) attacks.
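
The flagged pattern beside one hardened form, as an added example that is not part of the rule's own documentation. It assumes a page that selects a tab by an id taken from the URL fragment; the names `toIdSelector`, `selectTabUnsafe` and `selectTabSafe` are hypothetical, and `$` and the search root are passed in as parameters.

```javascript
// Added example (not from the rule's documentation). Assumed scenario:
// the page picks a tab element by an id taken from location.hash.

// Allowlist for values used as an element id: starts with a letter, then
// letters, digits, '_' or '-'. Markup characters, quotes, spaces and
// selector combinators never match.
const SAFE_ID = /^[A-Za-z][A-Za-z0-9_-]{0,63}$/;

// Build an id selector from untrusted input.
// Returns null when the input is not a plain identifier.
function toIdSelector(untrusted) {
  if (typeof untrusted !== "string") return null;
  const value = untrusted.replace(/^#/, ""); // location.hash starts with '#'
  return SAFE_ID.test(value) ? "#" + value : null;
}

// Flagged pattern: the raw value reaches $(). jQuery creates DOM elements
// from a string argument that looks like HTML instead of treating it as a
// selector, so the caller of $() no longer controls what is built.
function selectTabUnsafe($, hash) {
  return $(hash);
}

// Hardened form: validate first, then search from a fixed root with
// .find(), which interprets its argument only as a selector.
// `root` is the element or document the search starts from.
function selectTabSafe($, root, hash) {
  const selector = toIdSelector(hash);
  if (selector === null) return null; // caller falls back to a default tab
  return $(root).find(selector);
}
```

In a page this would be called as `selectTabSafe(jQuery, document, location.hash)`.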

Impact

If exploited, attackers could execute arbitrary JavaScript in the user’s browser, leading to stolen session cookies, account compromise, or manipulation of page content. This can result in data breaches, loss of user trust, and potential regulatory violations.