Razor
Security
html-raw-json
html-raw-json
Unencoded JSON in HTML context is vulnerable to cross-site scripting, because </script>
is not properly encoded.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP:
- A07:2017 - Cross-Site Scripting (XSS)
- A03:2021 - Injection