Cwe 79

🧬 CWE Related 66
slug: cwe-79

Explanation

CWE-79は「Webアプリがユーザー入力をきちんと無害化せずに画面に出力してしまう欠陥」のことです。 結果として、攻撃者はWebページに悪意あるJavaScriptを埋め込めるようになり、見た人のCookie (ログイン情報) や入力情報を盗めるようになります。 対策はWebの基本中の基本: 出力時のHTMLエスケープです。
📌 Example
MySpace ワーム「Samy」 (2005): 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,507

ID Title
CVE-2026-39900 Cross-Site Scripting (XSS) in cacti (CVE-2026-39900)
CVE-2026-55570 Cross-Site Scripting (XSS) in CVE-2026-55570 (CVE-2026-55570)
CVE-2026-54158 Cross-Site Scripting (XSS) in CVE-2026-54158 (CVE-2026-54158)
CVE-2026-54070 Cross-Site Scripting (XSS) in CVE-2026-54070 (CVE-2026-54070)
CVE-2026-54759 Cross-Site Scripting (XSS) in CVE-2026-54759 (CVE-2026-54759)
CVE-2026-54067 Cross-Site Scripting (XSS) in CVE-2026-54067 (CVE-2026-54067)
CVE-2026-50551 Cross-Site Scripting (XSS) in CVE-2026-50551 (CVE-2026-50551)
CVE-2026-39897 Cross-Site Scripting (XSS) in cacti (CVE-2026-39897)
CVE-2026-11998 Vulnerability in CVE-2026-11998 (CVE-2026-11998)
CVE-2026-47733 Cross-Site Scripting (XSS) in CVE-2026-47733 (CVE-2026-47733)
CVE-2026-53950 Cross-Site Scripting (XSS) in CVE-2026-53950 (CVE-2026-53950)
CVE-2026-49220 Cross-Site Scripting (XSS) in CVE-2026-49220 (CVE-2026-49220)
CVE-2026-50701 Cross-Site Scripting (XSS) in CVE-2026-50701 (CVE-2026-50701)
CVE-2026-50703 Cross-Site Scripting (XSS) in CVE-2026-50703 (CVE-2026-50703)
CVE-2026-50704 Cross-Site Scripting (XSS) in CVE-2026-50704 (CVE-2026-50704)
CVE-2026-50710 Cross-Site Scripting (XSS) in CVE-2026-50710 (CVE-2026-50710)
CVE-2026-50712 Cross-Site Scripting (XSS) in CVE-2026-50712 (CVE-2026-50712)
CVE-2026-50711 Cross-Site Scripting (XSS) in CVE-2026-50711 (CVE-2026-50711)
CVE-2026-50705 Cross-Site Scripting (XSS) in CVE-2026-50705 (CVE-2026-50705)
CVE-2026-50709 Cross-Site Scripting (XSS) in CVE-2026-50709 (CVE-2026-50709)
CVE-2026-50708 Cross-Site Scripting (XSS) in CVE-2026-50708 (CVE-2026-50708)
CVE-2026-50700 Cross-Site Scripting (XSS) in CVE-2026-50700 (CVE-2026-50700)
CVE-2026-11878 Cross-Site Scripting (XSS) in microfocus (CVE-2026-11878)
CVE-2026-50698 Cross-Site Scripting (XSS) in CVE-2026-50698 (CVE-2026-50698)
CVE-2026-50699 Cross-Site Scripting (XSS) in CVE-2026-50699 (CVE-2026-50699)
CVE-2026-13140 Cross-Site Scripting (XSS) in CVE-2026-13140 (CVE-2026-13140)
CVE-2026-9643 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9643)
CVE-2026-9620 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9620)
CVE-2026-8896 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8896)
CVE-2026-8628 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8628)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →