Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) |
| OWASP | A07:2017 - Cross-Site Scripting (XSS) |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | High |
Description#
User input is being directly inserted into HTML strings that are manually built in Python code. This bypasses standard HTML escaping and can make the application vulnerable to cross-site scripting (XSS) attacks.
Impact#
If exploited, attackers could inject malicious scripts into the web page, allowing them to steal user data, perform unauthorized actions, or compromise user accounts. This can lead to data breaches, loss of user trust, and regulatory consequences for the organization.