| Details | |
|---|---|
| Alert ID | 220005-6 |
| Alert Type | Tool |
| Status | alpha |
| Risk | High |
| CWE | 94 |
| WASC | |
| Technologies Targeted | All |
| Tags | CWE-94 OWASP_2021_A03 OWASP_2025_A05 TOOL_PTK |
Summary
Detects dynamic client-side template compilation/rendering where attacker-controlled templates or outputs are injected into the DOM.
Generated by OWASP PTK SAST Module
Solution
- Avoid compiling templates from untrusted strings; use precompiled templates.
- Sanitize render output before inserting into the DOM.

Other Info
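The pattern this alert describes, next to the fix given under Solution, as an added JavaScript example that is not part of the alert page or of PTK. `compile` is a constructed toy engine standing in for any client-side template compiler, all function names are hypothetical, and the returned string is what a page would then insert into the DOM.

```javascript
// Constructed toy engine: turns "{{ expr }}" placeholders into a render function.
// Like real client-side engines, it evaluates each expression as code.
function compile(templateSource) {
  const parts = templateSource.split(/\{\{(.+?)\}\}/g); // odd indexes are expressions
  return function render(data) {
    return parts
      .map((part, i) => {
        if (i % 2 === 0) return part; // literal text between placeholders
        return String(new Function("data", "return (" + part + ");")(data));
      })
      .join("");
  };
}

// Encode a value for an HTML text context before it is placed in the output.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Flagged pattern: untrusted input becomes part of the template source,
// so any placeholder it contains is compiled and evaluated.
function renderGreetingUnsafe(userInput) {
  return compile("<p>Hello " + userInput + "</p>")({});
}

// Fix: the template is a fixed string compiled once (precompiled);
// untrusted input is passed only as data and is escaped before rendering.
const GREETING = compile("<p>Hello {{ data.name }}</p>");
function renderGreetingSafe(userInput) {
  return GREETING({ name: escapeHtml(userInput) });
}

// Constructed sample inputs: a harmless arithmetic placeholder and some markup.
const probe = "{{ 7 * 7 }}";
console.log(renderGreetingUnsafe(probe));    // placeholder was evaluated
console.log(renderGreetingSafe(probe));      // placeholder stays literal text
console.log(renderGreetingSafe("<b>x</b>")); // markup is encoded
```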
References
- https://owasp.org/www-community/attacks/Template_Injection
- https://cwe.mitre.org/data/definitions/94.html