Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

Property
Language
Severity
CWE	CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP	A07:2017 - Cross-Site Scripting (XSS)
Confidence Level	Medium
Impact Level	Medium
Likelihood Level	High

Description#

User input is being directly inserted into HTML responses without proper sanitization. This allows attackers to inject malicious scripts (XSS) if the input is not trusted.

Impact#

If exploited, attackers can execute arbitrary JavaScript in users’ browsers, leading to data theft, session hijacking, or defacement of your application, potentially compromising user accounts and trust.