Detected the use of $TRUST. This can introduce a Cross-Site Scripting (XSS) vulnerability if the value comes from user-provided input. If you have to use $TRUST, ensure the value does not come from user input, or apply the appropriate prevention mechanism, e.g. input validation or sanitization, depending on the context.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP:
- A07:2017 - Cross-Site Scripting (XSS)
- A03:2021 - Injection