Server-Side Request Forgery (SSRF)
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-918: Server-Side Request Forgery (SSRF) |
| OWASP | A10:2021 - Server-Side Request Forgery (SSRF) |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
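Passing untrusted user input directly to Playwright’s setContent method can allow attackers to inject malicious HTML or scripts into a page that the server-side browser renders. The browser loads whatever resources that markup references, which can expose your server to unexpected outbound requests or manipulation.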
Impact
If exploited, attackers could trick your server into making requests to internal or external systems (SSRF), potentially gaining access to sensitive resources or enabling further attacks against your infrastructure.
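
Added example, not part of the original rule page: the pattern described above next to a hardened variant that escapes the input into a fixed template and denies browser requests by default. The helper names and the `assets.example.com` allow-list are assumptions; `page` is a Playwright `Page` created by the caller.

```javascript
// Added example. Helper names and the allow-list below are hypothetical.
const ALLOWED_ORIGINS = new Set(['https://assets.example.com']); // constructed value

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Turn untrusted text into inert character data.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Only requests to an explicitly allowed origin may leave the browser.
function isAllowedRequest(rawUrl, allowed = ALLOWED_ORIGINS) {
  try {
    return allowed.has(new URL(rawUrl).origin);
  } catch {
    return false; // unparsable URL: deny
  }
}

// Pattern the rule flags: markup from the request is rendered as-is, so the
// server-side browser fetches whatever URLs that markup references.
async function renderUnsafe(page, userHtml) {
  await page.setContent(userHtml);
}

// Hardened: fixed template, escaped input, and deny-by-default egress.
async function renderSafe(page, userText) {
  // setContent does not navigate, so aborting every other request is safe here.
  await page.route('**/*', (route) =>
    isAllowedRequest(route.request().url())
      ? route.continue()
      : route.abort('blockedbyclient'));
  const html = `<!doctype html><html><body><p>${escapeHtml(userText)}</p></body></html>`;
  await page.setContent(html);
  return html;
}
```

Escaping alone is enough only when the input is meant to be text; the request filter covers templates that must embed user-influenced markup or URLs.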