Cross Site Scripting
You are in full control of your files and uploads. No scripts are included on the fly, so there is no chance of XSS
SQL Injection
Server Connect and Database Connector/Updater use strict parameters for all their input values, so No SQL Injection is possible. You can also add additional validation rules to all the input parameters to make sure they are what you expect - next to be even more secure it allows you to detect errors more easily.
Other security
We have integrated Security Provider so you can limit the access and data availability of your site on various levels. You can create and secure admin areas, you can limit data availability to certain users and groups.
You can also create accounts with encrypted hash values as passwords so that those are stored fully secure as well.
Generally every modern security feature that you need in a CMS is already available in Wappler.
We have been working on those security components for years. Server Connect appeared first in 2013 as server components for Dreamweaver with our DMXzone extensions.
So everything is well tested and strengthened through the years.