CVE-2024-45299: Java Unescaped Data In Script Element

Provally Curated | Public repository | High | Medium confidence | Verified | Apache-2.0 | Java | β
greprules fetch cve-2024-45299-java-unescaped-data-in-script-element --engine opengrep

Description

Appending unescaped content directly to a `<script>` tag can lead to Cross-Site Scripting (XSS) or structural HTML breakage if the content contains a closing script tag (e.g., `</script>`). Ensure the content is properly encoded (e.g., using `UriUtils.encodeFragment` or `HtmlUtils.htmlEscape`) before appending it to the DOM. Avoid using standard JSON seriali
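
The pattern described above, shown next to the two encoders the description names. This is an added example, not code from the rule or from the affected project; it assumes `spring-web` on the classpath, and the class name, helper names and sample JSON are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import org.springframework.web.util.HtmlUtils;
import org.springframework.web.util.UriUtils;

public class ScriptElementEscaping {

    // Hypothetical helper: wraps a payload in an inert JSON data block.
    static String scriptBlock(String body) {
        return "<script id=\"preloaded\" type=\"application/json\">" + body + "</script>";
    }

    // True when the body would terminate the script element early.
    // The HTML tokenizer matches the end tag case-insensitively.
    static boolean closesScriptEarly(String body) {
        return body.toLowerCase(Locale.ROOT).contains("</script");
    }

    public static void main(String[] args) {
        // Constructed sample: a user-controlled field inside serialized JSON.
        String json = "{\"displayName\":\"Ann</ScRiPt><p>injected markup</p>\"}";

        String raw = json;                          // vulnerable: appended as-is
        String html = HtmlUtils.htmlEscape(json);   // < > & " ' become character references
        String frag = UriUtils.encodeFragment(json, StandardCharsets.UTF_8); // < > " { } percent-encoded

        String[][] cases = {{"raw", raw}, {"htmlEscape", html}, {"encodeFragment", frag}};
        for (String[] c : cases) {
            System.out.printf("%-15s closesEarly=%-5b %s%n",
                    c[0], closesScriptEarly(c[1]), scriptBlock(c[1]));
        }
    }
}
```

A `<script>` element is a raw-text context, so the browser does not decode character references or percent-encoding inside it; the client code that reads the block has to reverse the chosen encoding before calling `JSON.parse`.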