Change @security-severity for XSS queries from 6.1 to 7.8

2026-03-31 12:48:17 +02:00 · 2026-03-13 10:01:02 +00:00
parent f11815c633
commit f58a6e5d3a
15 changed files with 15 additions and 15 deletions
--- a/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql
+++ b/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql
@@ -4,7 +4,7 @@
 *              allows for a cross-site scripting vulnerability.
 * @kind path-problem
 * @problem.severity error
- * @security-severity 6.1
+ * @security-severity 7.8
 * @precision high
 * @id cpp/cgi-xss
 * @tags security
--- a/Features/CWE-079/XSS.ql
+++ b/Features/CWE-079/XSS.ql
@@ -4,7 +4,7 @@
 *              allows for a cross-site scripting vulnerability.
 * @kind path-problem
 * @problem.severity error
- * @security-severity 6.1
+ * @security-severity 7.8
 * @precision high
 * @id cs/web/xss
 * @tags security
--- a/go/ql/src/Security/CWE-079/HtmlTemplateEscapingBypassXss.ql
+++ b/go/ql/src/Security/CWE-079/HtmlTemplateEscapingBypassXss.ql
@@ -5,7 +5,7 @@
 *              scripting vulnerability.
 * @kind path-problem
 * @problem.severity error
- * @security-severity 6.1
+ * @security-severity 7.8
 * @precision high
 * @id go/html-template-escaping-bypass-xss
 * @tags security
--- a/go/ql/src/Security/CWE-079/ReflectedXss.ql
+++ b/go/ql/src/Security/CWE-079/ReflectedXss.ql
@@ -4,7 +4,7 @@
 *              a cross-site scripting vulnerability.
 * @kind path-problem
 * @problem.severity error
- * @security-severity 6.1
+ * @security-severity 7.8
 * @precision high
 * @id go/reflected-xss
 * @tags security
--- a/go/ql/src/Security/CWE-079/StoredXss.ql
+++ b/go/ql/src/Security/CWE-079/StoredXss.ql
@@ -4,7 +4,7 @@
 *              a stored cross-site scripting vulnerability.
 * @kind path-problem
 * @problem.severity error
- * @security-severity 6.1
+ * @security-severity 7.8
 * @precision low
 * @id go/stored-xss
 * @tags security
--- a/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql
+++ b/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql
@@ -4,7 +4,7 @@
 * @description Exposing a Java object in a WebView with a JavaScript interface can lead to malicious JavaScript controlling the application.
 * @kind problem
 * @problem.severity warning
- * @security-severity 6.1
+ * @security-severity 7.8
 * @precision medium
 * @tags security
 *       external/cwe/cwe-079
--- a/java/ql/src/Security/CWE/CWE-079/AndroidWebViewSettingsEnabledJavaScript.ql
+++ b/java/ql/src/Security/CWE/CWE-079/AndroidWebViewSettingsEnabledJavaScript.ql
@@ -4,7 +4,7 @@
 * @kind problem
 * @id java/android/websettings-javascript-enabled
 * @problem.severity warning
- * @security-severity 6.1
+ * @security-severity 7.8
 * @precision medium
 * @tags security
 *       external/cwe/cwe-079
--- a/java/ql/src/Security/CWE/CWE-079/XSS.ql
+++ b/java/ql/src/Security/CWE/CWE-079/XSS.ql
@@ -4,7 +4,7 @@
 *              allows for a cross-site scripting vulnerability.
 * @kind path-problem
 * @problem.severity error
- * @security-severity 6.1
+ * @security-severity 7.8
 * @precision high
 * @id java/xss
 * @tags security
--- a/python/ql/src/Security/CWE-079/Jinja2WithoutEscaping.ql
+++ b/python/ql/src/Security/CWE-079/Jinja2WithoutEscaping.ql
@@ -4,7 +4,7 @@
 *              cause a cross-site scripting vulnerability.
 * @kind problem
 * @problem.severity error
- * @security-severity 6.1
+ * @security-severity 7.8
 * @precision medium
 * @id py/jinja2/autoescape-false
 * @tags security
--- a/python/ql/src/Security/CWE-079/ReflectedXss.ql
+++ b/python/ql/src/Security/CWE-079/ReflectedXss.ql
@@ -4,7 +4,7 @@
 *              allows for a cross-site scripting vulnerability.
 * @kind path-problem
 * @problem.severity error
- * @security-severity 6.1
+ * @security-severity 7.8
 * @sub-severity high
 * @precision high
 * @id py/reflective-xss
--- a/ruby/ql/src/queries/security/cwe-079/ReflectedXSS.ql
+++ b/ruby/ql/src/queries/security/cwe-079/ReflectedXSS.ql
@@ -4,7 +4,7 @@
 *              allows for a cross-site scripting vulnerability.
 * @kind path-problem
 * @problem.severity error
- * @security-severity 6.1
+ * @security-severity 7.8
 * @sub-severity high
 * @precision high
 * @id rb/reflected-xss
--- a/ruby/ql/src/queries/security/cwe-079/StoredXSS.ql
+++ b/ruby/ql/src/queries/security/cwe-079/StoredXSS.ql
@@ -4,7 +4,7 @@
 *              a stored cross-site scripting vulnerability.
 * @kind path-problem
 * @problem.severity error
- * @security-severity 6.1
+ * @security-severity 7.8
 * @precision high
 * @id rb/stored-xss
 * @tags security
--- a/ruby/ql/src/queries/security/cwe-079/UnsafeHtmlConstruction.ql
+++ b/ruby/ql/src/queries/security/cwe-079/UnsafeHtmlConstruction.ql
@@ -4,7 +4,7 @@
 *              user to perform a cross-site scripting attack.
 * @kind path-problem
 * @problem.severity error
- * @security-severity 6.1
+ * @security-severity 7.8
 * @precision high
 * @id rb/html-constructed-from-input
 * @tags security
--- a/rust/ql/src/queries/security/CWE-079/XSS.ql
+++ b/rust/ql/src/queries/security/CWE-079/XSS.ql
@@ -4,7 +4,7 @@
 *              allows for a cross-site scripting vulnerability.
 * @kind path-problem
 * @problem.severity error
- * @security-severity 6.1
+ * @security-severity 7.8
 * @precision high
 * @id rust/xss
 * @tags security
--- a/swift/ql/src/queries/Security/CWE-079/UnsafeWebViewFetch.ql
+++ b/swift/ql/src/queries/Security/CWE-079/UnsafeWebViewFetch.ql
@@ -3,7 +3,7 @@
 * @description Fetching data in a WebView without restricting the base URL may allow an attacker to access sensitive local data, or enable cross-site scripting attack.
 * @kind path-problem
 * @problem.severity warning
- * @security-severity 6.1
+ * @security-severity 7.8
 * @precision high
 * @id swift/unsafe-webview-fetch
 * @tags security