Cwe 79

🧬 CWE Related 66
slug: cwe-79

Explanation

CWE-79は「Webアプリがユーザー入力をきちんと無害化せずに画面に出力してしまう欠陥」のことです。 結果として、攻撃者はWebページに悪意あるJavaScriptを埋め込めるようになり、見た人のCookie (ログイン情報) や入力情報を盗めるようになります。 対策はWebの基本中の基本: 出力時のHTMLエスケープです。
📌 Example
MySpace ワーム「Samy」 (2005): 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,521

ID Title
CVE-2016-8924 Cross-Site Scripting (XSS) in ibm (CVE-2016-8924)
CVE-2017-7984 Cross-Site Scripting (XSS) in joomla (CVE-2017-7984)
CVE-2017-7985 Cross-Site Scripting (XSS) in joomla (CVE-2017-7985)
CVE-2017-7986 Cross-Site Scripting (XSS) in joomla (CVE-2017-7986)
CVE-2017-7987 Cross-Site Scripting (XSS) in joomla (CVE-2017-7987)
CVE-2017-5045 Cross-Site Scripting (XSS) in google (CVE-2017-5045)
CVE-2017-3557 Cross-Site Scripting (XSS) in c (CVE-2017-3557)
CVE-2017-5191 Cross-Site Scripting (XSS) in netiq (CVE-2017-5191)
CVE-2017-7723 XSS exists in Easy WP SMTP (before 1.2.5), a WordPress Plugin, via the e-mail subject or body.
CVE-2017-8102 Cross-Site Scripting (XSS) in s9y (CVE-2017-8102)
CVE-2017-8103 Cross-Site Scripting (XSS) in mybb (CVE-2017-8103)
CVE-2017-8085 Cross-Site Scripting (XSS) in exponentcms (CVE-2017-8085)
CVE-2017-7944 Cross-Site Scripting (XSS) in xoops (CVE-2017-7944)
CVE-2017-8052 Craft CMS before 2.6.2974 allows XSS attacks.
CVE-2016-6519 Cross-Site Scripting (XSS) in redhat (CVE-2016-6519)
CVE-2017-7992 Cross-Site Scripting (XSS) in heartland-payment-systems (CVE-2017-7992)
CVE-2017-7409 Cross-Site Scripting (XSS) in paloaltonetworks (CVE-2017-7409)
CVE-2017-6611 Cross-Site Scripting (XSS) in cisco (CVE-2017-6611)
CVE-2017-6618 Cross-Site Scripting (XSS) in cisco (CVE-2017-6618)
CVE-2016-9979 Cross-Site Scripting (XSS) in ibm (CVE-2016-9979)
CVE-2016-9980 Cross-Site Scripting (XSS) in ibm (CVE-2016-9980)
CVE-2017-5183 Cross-Site Scripting (XSS) in netiq (CVE-2017-5183)
CVE-2016-1214 Cross-Site Scripting (XSS) in cybozu (CVE-2016-1214)
CVE-2016-1215 Cross-Site Scripting (XSS) in cybozu (CVE-2016-1215)
CVE-2016-1216 Cross-Site Scripting (XSS) in cybozu (CVE-2016-1216)
CVE-2016-1217 Cross-Site Scripting (XSS) in cybozu (CVE-2016-1217)
CVE-2016-6347 Cross-Site Scripting (XSS) in redhat (CVE-2016-6347)
CVE-2016-4847 Cross-Site Scripting (XSS) in ossec (CVE-2016-4847)
CVE-2016-4849 Cross-Site Scripting (XSS) in geeklog-project (CVE-2016-4849)
CVE-2016-5760 Cross-Site Scripting (XSS) in novell (CVE-2016-5760)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →