xss-controller-html
The application is sending dynamically generated HTML to the client without escaping potentially untrusted input. This can lead to Cross-Site Scripting (XSS).
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-79: Improper Neutralization of Input During Web Page Generation
OWASP:
- A03:2021 - Injection
xss-controller-html
The application is sending dynamically generated HTML to the client without escaping potentially untrusted input. This can lead to Cross-Site Scripting (XSS).
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-79: Improper Neutralization of Input During Web Page Generation
OWASP:
- A03:2021 - Injection