Improper Output Handling is a weakness in data generation that allows the attacker to modify the data sent to the client. If an application has improper output handling, the output data may be consumed in a way that leads to vulnerabilities and actions never intended by the application developer.
Improper Output Handling is classified as a critical application vulnerability, and it can occur at any location where data leaves an application boundary. The root cause is an application passing along data that is not interrogated consistently through mechanisms such as filtering or sanitization. Improper Output Handling can occur while passing data to applications or between tiers within an application’s architecture. Not validating output data may allow an application to pass along improper output encoding or escaping, invalid data, incorrect data, or malicious content to the consumer.