xss-send-mail-html-message
Found request data in ‘send_mail(…)’ passed through the ‘html_message’ argument. This is dangerous because HTML emails are susceptible to XSS: if the request data is not escaped, an attacker can inject HTML or script into the email body, causing XSS in the recipient's mail client.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’)
OWASP:
- A03:2021 - Injection
xss-html-email-body
Found request data in an EmailMessage whose body is set to use HTML. This is dangerous because HTML emails are susceptible to XSS: if the request data is not escaped, an attacker can inject HTML or script into the email body, causing XSS in the recipient's mail client.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’)
OWASP:
- A03:2021 - Injection