Skip to content

Security Test: Frontend Improper Input Validation Injection

Description

Default Severity:

Improper input validation injection happens when an application blindly accepts and processes user-supplied data without adequately checking it first. This oversight allows an attacker to insert harmful code—like malicious scripts—into the application, potentially tricking it into running that code. The risk here is that if such vulnerabilities are exploited, sensitive data could be stolen, sessions hijacked, or the app’s behavior manipulated. Developers often fall into pitfalls by not sanitizing inputs, assuming users won’t provide harmful data, or misusing trusted functions, leaving the door open for attackers to misuse.

Reference:

Configuration

Identifier: frontend_injection/improper_input

Examples

All configuration available:

checks:
  frontend_injection/improper_input:
    skip: false # default

Compliance and Standards

Standard Value
OWASP API Top 10 API10:2023
OWASP LLM Top 10 LLM01:2023
PCI DSS 6.5.7
GDPR Article-32
SOC2 CC1
PSD2 Article-95
ISO 27001 A.14.2
NIST SP800-53
FedRAMP AC-4
CWE 79
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C
CVSS Score 7.2