Cwe 79

🧬 CWE Related 66
slug: cwe-79

Explanation

CWE-79は「Webアプリがユーザー入力をきちんと無害化せずに画面に出力してしまう欠陥」のことです。 結果として、攻撃者はWebページに悪意あるJavaScriptを埋め込めるようになり、見た人のCookie (ログイン情報) や入力情報を盗めるようになります。 対策はWebの基本中の基本: 出力時のHTMLエスケープです。
📌 Example
MySpace ワーム「Samy」 (2005): 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,521

ID Title
CVE-2016-4948 Cross-Site Scripting (XSS) in cloudera (CVE-2016-4948)
CVE-2016-7136 Cross-Site Scripting (XSS) in plone (CVE-2016-7136)
CVE-2016-9148 Cross-Site Scripting (XSS) in ca (CVE-2016-9148)
CVE-2017-5197 Cross-Site Scripting (XSS) in silverstripe (CVE-2017-5197)
CVE-2017-6503 WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS.
CVE-2017-6446 Cross-Site Scripting (XSS) in dotclear (CVE-2017-6446)
CVE-2017-6478 Cross-Site Scripting (XSS) in mangoswebv4-project (CVE-2017-6478)
CVE-2017-6479 Cross-Site Scripting (XSS) in fenix-hosting (CVE-2017-6479)
CVE-2017-6480 Cross-Site Scripting (XSS) in groovel-project (CVE-2017-6480)
CVE-2017-6481 Cross-Site Scripting (XSS) in phpipam (CVE-2017-6481)
CVE-2017-6483 Cross-Site Scripting (XSS) in atutor (CVE-2017-6483)
CVE-2017-6484 Cross-Site Scripting (XSS) in c (CVE-2017-6484)
CVE-2017-6485 Cross-Site Scripting (XSS) in php-calendar (CVE-2017-6485)
CVE-2017-6486 Cross-Site Scripting (XSS) in reasoncms (CVE-2017-6486)
CVE-2017-6487 Cross-Site Scripting (XSS) in epesi (CVE-2017-6487)
CVE-2017-6488 Cross-Site Scripting (XSS) in epesi (CVE-2017-6488)
CVE-2017-6489 Cross-Site Scripting (XSS) in epesi (CVE-2017-6489)
CVE-2017-6490 Cross-Site Scripting (XSS) in epesi (CVE-2017-6490)
CVE-2017-6491 Cross-Site Scripting (XSS) in epesi (CVE-2017-6491)
CVE-2015-8815 Cross-Site Scripting (XSS) in umbraco (CVE-2015-8815)
CVE-2017-5616 Cross-Site Scripting (XSS) in cpanel (CVE-2017-5616)
CVE-2017-5832 Cross-Site Scripting (XSS) in revive-adserver (CVE-2017-5832)
CVE-2017-5833 Cross-Site Scripting (XSS) in revive-adserver (CVE-2017-5833)
CVE-2016-10201 Cross-Site Scripting (XSS) in zoneminder (CVE-2016-10201)
CVE-2016-10202 Cross-Site Scripting (XSS) in zoneminder (CVE-2016-10202)
CVE-2016-10203 Cross-Site Scripting (XSS) in zoneminder (CVE-2016-10203)
CVE-2017-6102 Persistent XSS in wordpress plugin rockhoist-badges v1.2.2.
CVE-2017-6103 Persistent XSS Vulnerability in Wordpress plugin AnyVar v0.1.1.
CVE-2017-6390 Cross-Site Scripting (XSS) in soruly (CVE-2017-6390)
CVE-2017-6391 Cross-Site Scripting (XSS) in kaltura (CVE-2017-6391)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →