| Property | Value |
| --- | --- |
| Language | javascript |
| Severity | medium |
| CWE | CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) |
| OWASP | A07:2017 - Cross-Site Scripting (XSS) |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |

Description

User input is being directly inserted into HTML responses without proper sanitization or encoding. This can allow attackers to inject malicious scripts into web pages returned by your AWS Lambda function.
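
The pattern described above next to an output-encoded version, as an added example that is not part of the original rule page. It assumes an API Gateway proxy event; the handler names, the `name` query parameter and the `escapeHtml` helper are hypothetical.

```javascript
// Added example. The event shape follows the API Gateway proxy integration
// (assumption); handler names and the `name` parameter are hypothetical.

// Flagged pattern: query-string value interpolated into the HTML body as-is.
async function vulnerableHandler(event) {
  const name = (event.queryStringParameters || {}).name || "guest";
  return {
    statusCode: 200,
    headers: { "Content-Type": "text/html; charset=utf-8" },
    body: `<html><body><h1>Hello, ${name}</h1></body></html>`,
  };
}

// Encode the five characters that are significant in HTML text and
// quoted attribute values.
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hardened form: same response, with the value encoded at the point of output.
async function safeHandler(event) {
  const name = (event.queryStringParameters || {}).name || "guest";
  return {
    statusCode: 200,
    headers: {
      "Content-Type": "text/html; charset=utf-8",
      // Defence in depth: disallows inline script if an encoding step is missed.
      "Content-Security-Policy": "default-src 'self'",
    },
    body: `<html><body><h1>Hello, ${escapeHtml(name)}</h1></body></html>`,
  };
}

// Constructed sample event carrying markup in the parameter.
const sampleEvent = {
  queryStringParameters: { name: '<b onclick="x">Tom & Co</b>' },
};
```

This encoding is correct for HTML text and quoted attribute values only; values placed inside `<script>`, CSS or URL contexts need encoding specific to that context.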

Impact

If exploited, attackers could execute scripts in users’ browsers (cross-site scripting), steal session cookies or sensitive data, deface web pages, or perform actions on behalf of users, putting both user accounts and organizational data at risk.