Cross-site scripting (XSS) vulnerability detected.

Description

Sending unsanitized user input in a response puts your application at risk of cross-site scripting attacks.

Remediations

❌ Avoid including user input directly in a response:

res.send(req.body.data)

Resources

Associated CWE

OWASP Top 10