Xss
Jsf
autoescape-disabled
autoescape-disabled
Detected an element with disabled HTML escaping. If external data can reach this, this is a cross-site scripting (XSS) vulnerability. Ensure no external data can reach here, or remove ‘escape=false’ from this element.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences
OWASP:
- A
- 0
- 7
- :
- 2
- 0
- 1
- 7
-
- -
-
- C
- r
- o
- s
- s
- -
- S
- i
- t
- e
-
- S
- c
- r
- i
- p
- t
- i
- n
- g
-
- (
- X
- S
- S
- )