Detected data rendered directly to the end user via ‘response’. This bypasses Laravel’s built-in cross-site scripting (XSS) defenses and could result in an XSS vulnerability. Use Laravel’s template engine to safely render HTML.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP:
- A07:2017 - Cross-Site Scripting (XSS)
- A03:2021 - Injection
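
The pattern described above next to the template-based fix, as an added example that is not part of the rule's own documentation. The controller name, the `name` request parameter and the `greeting` view are hypothetical.

```php
<?php
// Added example; controller, request parameter and view names are hypothetical.
namespace App\Http\Controllers;

use Illuminate\Http\Request;

class GreetingController extends Controller
{
    // Flagged pattern: request data is concatenated into the body passed to
    // response(), so it reaches the browser as text/html without escaping.
    public function unsafe(Request $request)
    {
        $name = $request->input('name', 'guest');
        return response('<h1>Hello ' . $name . '</h1>');
    }

    // Preferred: hand the value to a Blade view. The template
    // resources/views/greeting.blade.php would contain:
    //     <h1>Hello {{ $name }}</h1>
    // Blade's {{ }} passes the value through e() (htmlspecialchars),
    // so markup in $name is rendered as inert text.
    public function viaTemplate(Request $request)
    {
        return view('greeting', ['name' => $request->input('name', 'guest')]);
    }

    // If a raw response body is unavoidable, escape explicitly with e()
    // and keep the value in an HTML text context only.
    public function escaped(Request $request)
    {
        $name = e($request->input('name', 'guest'));
        return response('<h1>Hello ' . $name . '</h1>');
    }
}
```

Escaping with `e()` is only sufficient for HTML text and quoted attribute contexts; values placed inside `<script>` blocks, URLs or unquoted attributes need context-specific encoding.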