Found request data in ‘send_mail(…)’ that uses ‘html_message’. This is dangerous because HTML emails are susceptible to XSS. An attacker could inject data into this HTML email, causing XSS. Likelihood: MEDIUM Confidence: MEDIUM CWE: - CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’)
OWASP: - A03:2021 - Injection
xss-html-email-body
Found request data in an EmailMessage that is set to use HTML. This is dangerous because HTML emails are susceptible to XSS. An attacker could inject data into this HTML email, causing XSS. Likelihood: MEDIUM Confidence: MEDIUM CWE: - CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’)
OWASP: - A03:2021 - Injection