Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) |
| OWASP | A07:2017 - Cross-Site Scripting (XSS) |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Wrapping a value in `Markup()` (or a similar function) marks it as safe HTML, so it is inserted into the page verbatim with no escaping applied. If that value comes from an untrusted source, this introduces serious security risk, because whatever markup it contains reaches the browser intact.
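To show why the pattern is flagged, here is an added example (not the rule's or MarkupSafe's own code) built on a stdlib-only stand-in, `SafeMarkup`, that models the relevant `Markup()` semantics: a value marked safe bypasses escaping, while `template % value` escapes the interpolated data. The input string is constructed for the demonstration.

```python
from html import escape as _html_escape


class SafeMarkup(str):
    """Minimal stand-in for markupsafe.Markup (an assumption made for this
    example, not the real library): a str that autoescaping trusts verbatim."""

    def __html__(self) -> str:
        return str(self)

    @classmethod
    def escape(cls, value) -> "SafeMarkup":
        # Anything exposing __html__ is passed through unchanged; everything
        # else is HTML-escaped. This is exactly why Markup(untrusted_input)
        # defeats autoescaping: the wrapper says "already safe".
        if hasattr(value, "__html__"):
            return cls(value.__html__())
        return cls(_html_escape(str(value), quote=True))

    def __mod__(self, args) -> "SafeMarkup":
        # Template % values: each value is escaped before interpolation, so the
        # template stays trusted while the data is neutralized.
        if not isinstance(args, tuple):
            args = (args,)
        return SafeMarkup(str(self) % tuple(str(self.escape(a)) for a in args))


# Constructed attacker-style input, used only to show the difference.
UNTRUSTED = "<script>alert(1)</script>"


def render_unsafe(user_input: str) -> str:
    # Flagged pattern: the untrusted value is wrapped in Markup(), so the
    # interpolation trusts it and the <script> tag survives into the page.
    return str(SafeMarkup("<p>Hello, %s!</p>") % SafeMarkup(user_input))


def render_safe(user_input: str) -> str:
    # Hardened: only the fixed template is marked safe; the data is escaped.
    return str(SafeMarkup("<p>Hello, %s!</p>") % user_input)


if __name__ == "__main__":
    print("unsafe:", render_unsafe(UNTRUSTED))
    print("safe:  ", render_safe(UNTRUSTED))
```

The check a reviewer wants is whether the value wrapped in `Markup()` is a constant template or a request-derived string; only the former is safe.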
Impact
Attackers could inject malicious scripts (XSS) into your application, leading to stolen user data, session hijacking, or manipulation of the site’s behavior. This can compromise user trust and potentially expose sensitive information.