Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Property
Language
Severity
CWE	CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP	A07:2017 - Cross-Site Scripting (XSS)
Confidence Level	Medium
Impact Level	Medium
Likelihood Level	Medium

Description#

User input is being directly inserted into HTML strings without proper sanitization or escaping. This approach can bypass secure HTML rendering methods and expose the application to cross-site scripting (XSS) attacks.

Impact#

If exploited, an attacker could inject malicious scripts into your web pages, potentially stealing user data, hijacking sessions, or performing actions on behalf of users. This can lead to data breaches, compromised accounts, and damage to user trust.

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

Description#

Impact#