Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) |
| OWASP | A07:2017 - Cross-Site Scripting (XSS) |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
User input is being written directly to the HTTP response without proper HTML escaping or sanitization. This allows attackers to inject malicious scripts into your web pages, leading to a Cross-Site Scripting (XSS) vulnerability.
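The flagged pattern and its hardened form side by side, as an added example that is not part of this rule's page: the raw value is concatenated into HTML in both an element body and a quoted attribute, then the same output is produced with `html.escape`, and a small unit-test helper checks that the input was neutralized rather than silently dropped. The sample input and the `render_*` / `input_is_neutralized` names are constructed for this illustration.

```python
import html

# Constructed sample: a value a user might submit in a "name" form field.
# It carries the characters that must be neutralized before reaching HTML:
# a quote to close an attribute, then angle brackets to open a new tag.
UNTRUSTED_NAME = '"><script>alert(1)</script>'


def render_unsafe(name: str) -> str:
    """The flagged pattern: the raw value is written into the response as-is.

    Element text and a quoted attribute are both shown, because the same
    defect is exploitable in either context.
    """
    return f'<p>Hello, {name}!</p>\n<input name="who" value="{name}">'


def render_safe(name: str) -> str:
    """Hardened version: HTML-escape once, at the point of output.

    html.escape with quote=True turns & < > " and ' into entity references,
    so the value can neither close the attribute nor start a tag. Escaping
    is context-dependent: this covers element text and quoted attribute
    values only; JavaScript, URL and CSS contexts need their own encoders.
    """
    escaped = html.escape(name, quote=True)
    return f'<p>Hello, {escaped}!</p>\n<input name="who" value="{escaped}">'


def input_is_neutralized(rendered: str, user_input: str) -> bool:
    """Defender-side check suitable for a unit test.

    If the input contains characters that escaping changes, the raw form must
    be absent from the output and the escaped form present (the value was
    kept, not discarded). Harmless input may appear verbatim.
    """
    escaped = html.escape(user_input, quote=True)
    if escaped == user_input:
        return user_input in rendered
    return user_input not in rendered and escaped in rendered


if __name__ == "__main__":
    print(render_unsafe(UNTRUSTED_NAME))  # a browser would run the script
    print(render_safe(UNTRUSTED_NAME))    # a browser shows literal text
    print(input_is_neutralized(render_safe(UNTRUSTED_NAME), UNTRUSTED_NAME))
```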
Impact
If exploited, attackers can execute arbitrary JavaScript in users’ browsers, potentially stealing sensitive data, hijacking user sessions, or defacing your site. This puts both your users and your application’s reputation at serious risk.