Property
Language: ruby
Severity: high
CWE: CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP: A07:2017 - Cross-Site Scripting (XSS)
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: High

Description

User input is inserted directly into manually constructed HTML strings without being escaped or otherwise sanitized. If that input contains markup or script, the browser renders it as part of the page, which is how cross-site scripting arises.
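As an added illustration, not code from the original rule page, the flagged pattern in Ruby next to its escaped form; `greeting_unsafe`, `greeting_safe`, `escaped_input?` and the sample input are constructed for this example, and the escaping uses the standard-library `ERB::Util.html_escape`:

```ruby
require 'erb'

# Pattern the rule flags: an untrusted value interpolated straight
# into a hand-built HTML string. Whatever the user supplied becomes
# part of the document the browser parses.
def greeting_unsafe(name)
  "<p>Hello, #{name}!</p>"
end

# Hardened form: escape the value before it enters the markup.
# ERB::Util.html_escape converts & < > " ' into HTML entities, so
# any tags in the input are shown as text rather than parsed.
def greeting_safe(name)
  "<p>Hello, #{ERB::Util.html_escape(name)}!</p>"
end

# Review helper: true when the rendered fragment no longer contains
# the raw input, i.e. the input was neutralised before output.
def escaped_input?(fragment, raw_input)
  !fragment.include?(raw_input)
end

# Constructed sample input for the demonstration (not from the page).
SAMPLE_INPUT = 'Bob <script>alert(1)</script>'

if __FILE__ == $PROGRAM_NAME
  puts "unsafe: #{greeting_unsafe(SAMPLE_INPUT)}"
  puts "safe:   #{greeting_safe(SAMPLE_INPUT)}"
end
```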

Impact

If exploited, attackers could inject malicious scripts into your application’s web pages (Cross-Site Scripting/XSS), allowing them to steal user data, hijack sessions, or perform actions on behalf of users, potentially compromising sensitive information and user trust.