Dynamically rendering arbitrary HTML on your website can be very dangerous because it can easily lead to XSS vulnerabilities. Only use HTML interpolation on trusted content and never on user-provided content.

Likelihood: LOW
Confidence: LOW

CWE:
- CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

OWASP:
- A07:2017 - Cross-Site Scripting (XSS)
- A03:2021 - Injection
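
The advice above on never interpolating user-provided content as HTML, shown as a framework-independent example that is added here and is not part of the original rule text. The function names and the sample input are assumptions constructed for illustration; the safe variant encodes each untrusted value for HTML text and quoted-attribute context before it reaches the template.

```javascript
// Added example: all names and sample values are constructed for illustration.

// Characters that change meaning in HTML text or quoted-attribute context.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode a value so the browser treats it as text, never as markup.
// Single pass, so an existing "&" is encoded exactly once.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Unsafe: raw interpolation. Any markup carried by the values is rendered.
function renderCommentUnsafe(author, body) {
  return `<article data-author="${author}"><p>${body}</p></article>`;
}

// Safe: every untrusted value is encoded before it is placed in the template.
function renderCommentSafe(author, body) {
  const a = escapeHtml(author);
  const b = escapeHtml(body);
  return `<article data-author="${a}"><p>${b}</p></article>`;
}

// Constructed user-provided input: one value closes the attribute early,
// the other carries an element with an event handler.
const sampleAuthor = 'mallory" onclick="x()';
const sampleBody = '<img src=x onerror="x()">';

// Side-by-side output for comparison when run stand-alone.
console.log("unsafe:", renderCommentUnsafe(sampleAuthor, sampleBody));
console.log("safe:  ", renderCommentSafe(sampleAuthor, sampleBody));
```

The encoding shown covers element text and double-quoted attribute values only; values placed in URLs, inline scripts or style blocks need context-specific handling.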