This weakness leads to attacks such as Cross-Site Scripting (XSS) where an application includes untrusted data as part of the generated response that is sent to the user.

CWE-722: Weaknesses in OWASP Top Ten of 2004

CWE-992: Faulty Input Transformation Cluster

CWE-1407: Inadequate Neutralization of Special Elements

Learn about CWE-166, a vulnerability that leads to Cross-Site Scripting (XSS) attacks by incorporating untrusted data into responses sent to users.

CWE-166: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Is your System Free of Underlying Vulnerabilities?
Find Out Now

CWE-166: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Is your System Free of Underlying Vulnerabilities? Find Out Now

Is your System Free of Underlying Vulnerabilities?
Find Out Now