Tag: injection

User input is directly used in rendering or evaluating templates without proper validation or sanitization.

User input in setAttribute could lead to trust boundary violation.

Improper input validation, sanitization, and access controls are can lead to path traversal vulnerabilities.

Objects that parse or handle XML can lead to XML External Entity (XXE) attacks when misconfigured.

Relying on potentially untrusted user inputs when constructing web application outputs can lead to cross-site scripting vulnerabilities.