Skip to main content
If user input reaches HoverProvider while supportHml is set to true it may introduce an XSS vulnerability. Do not produce HTML for hovers with dynamically generated input.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP:
- A07:2017 - Cross-Site Scripting (XSS)
- A03:2021 - Injection