Description
This script is vulnerable to Server-side JavaScript injection.The user input appears to be placed into a dynamically evaluated JavaScript statement, allowing an attacker to execute arbitrary Server-side Javascript code.
Remediation
Avoid creating JavaScript commands by concatenating script with user input. Avoid use of the Javascript eval command. In particular, when parsing JSON input, use a safer alternative such as JSON.parse.