| Property | Value |
| --- | --- |
| Language | javascript |
| Severity | low |
| CWE | CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) |
| OWASP | A03:2021 - Injection |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |

Description

Using the serialize-javascript library with the unsafe: true option can allow untrusted input to be serialized as raw JavaScript, making your application vulnerable to cross-site scripting (XSS) attacks. This happens because dangerous content isn’t properly escaped before being sent to the browser.
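The effect of skipping that escaping, as an added example that is not part of this rule's documentation or of the library's code. `serializeForScript`, `renderPage` and `countScriptBlocks` are hypothetical names, and the escape set is an assumption modelled on what serialize-javascript escapes by default.

```javascript
// Stand-in for the escaping serialize-javascript applies by default and skips
// when called with { unsafe: true }. Assumed escape set, not the library's code.
const ESCAPES = {
  '<': '\\u003C',
  '>': '\\u003E',
  '/': '\\u002F',
  '\u2028': '\\u2028',
  '\u2029': '\\u2029',
};

function serializeForScript(value, { unsafe = false } = {}) {
  const json = JSON.stringify(value);
  // unsafe: raw output, comparable to serialize(value, { unsafe: true })
  if (unsafe) return json;
  // default: comparable to serialize(value)
  return json.replace(/[<>\/\u2028\u2029]/g, (ch) => ESCAPES[ch]);
}

// Typical server-side rendering pattern: state embedded in an inline script.
function renderPage(state, options) {
  return `<script>window.__STATE__ = ${serializeForScript(state, options)};</script>`;
}

// The HTML parser ends a script element at the first "</script", whatever the
// JavaScript string quoting says, so every "<script" in the output that is not
// escaped opens a new element.
function countScriptBlocks(html) {
  return (html.match(/<script\b/gi) || []).length;
}

// Constructed sample input standing in for an untrusted profile field.
const state = { displayName: 'x</script><script>alert(1)</script>' };

const unsafePage = renderPage(state, { unsafe: true });
const safePage = renderPage(state);

console.log(countScriptBlocks(unsafePage)); // value breaks out of the state block
console.log(countScriptBlocks(safePage));   // value stays inside the string literal
console.log(safePage);
```

The escaped form still evaluates to the original string in the browser, so dropping `unsafe: true` does not change the data the client receives.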

Impact

If exploited, an attacker could inject malicious scripts into your web pages, leading to stolen user data, session hijacking, or defacement of your site. This can compromise both user security and the reputation of your application or organization.