Content generators are
|“||programs on a Web server that dynamically generate HTML pages for users; these pages may be generated using information retrieved from a backend server, such as a database or directory, or possibly user-supplied input.||”|
"Content generators can range from simple Common Gateway Interface (CGI) scripts executed by the Web server to Java EE or .NET application servers in which most — if not all — HTML pages served are dynamically generated."
"Because content generators are implemented on the server, they can open the Web server itself to threats. The danger with content generators occurs when they blindly accept input from users and apply it to actions taken on the Web server. If the content generator has not been implemented correctly to restrict input, an attacker can enter certain types of information that may negatively affect the Web server or compromise its security."