Cwe 79

🧬 CWE Related 66
slug: cwe-79

Explanation

CWE-79は「Webアプリがユーザー入力をきちんと無害化せずに画面に出力してしまう欠陥」のことです。 結果として、攻撃者はWebページに悪意あるJavaScriptを埋め込めるようになり、見た人のCookie (ログイン情報) や入力情報を盗めるようになります。 対策はWebの基本中の基本: 出力時のHTMLエスケープです。
📌 Example
MySpace ワーム「Samy」 (2005): 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,513

ID Title
CVE-2016-3101 Cross-Site Scripting (XSS) in jenkins (CVE-2016-3101)
CVE-2016-0305 Cross-Site Scripting (XSS) in ibm (CVE-2016-0305)
CVE-2016-0310 Cross-Site Scripting (XSS) in ibm (CVE-2016-0310)
CVE-2016-5902 Cross-Site Scripting (XSS) in ibm (CVE-2016-5902)
CVE-2016-6032 Cross-Site Scripting (XSS) in ibm (CVE-2016-6032)
CVE-2017-1127 Cross-Site Scripting (XSS) in ibm (CVE-2017-1127)
CVE-2017-1128 Cross-Site Scripting (XSS) in ibm (CVE-2017-1128)
CVE-2016-6096 Cross-Site Scripting (XSS) in ibm (CVE-2016-6096)
CVE-2017-5367 Cross-Site Scripting (XSS) in zoneminder (CVE-2017-5367)
CVE-2017-5875 Cross-Site Scripting (XSS) in dotcms (CVE-2017-5875)
CVE-2017-5876 Cross-Site Scripting (XSS) in dotcms (CVE-2017-5876)
CVE-2017-5877 Cross-Site Scripting (XSS) in dotcms (CVE-2017-5877)
CVE-2017-5882 Cross-Site Scripting (XSS) in sanadata (CVE-2017-5882)
CVE-2016-7147 Cross-Site Scripting (XSS) in plone (CVE-2016-7147)
CVE-2016-0919 Cross-Site Scripting (XSS) in rsa (CVE-2016-0919)
CVE-2016-9872 Cross-Site Scripting (XSS) in emc (CVE-2016-9872)
CVE-2016-1566 Cross-Site Scripting (XSS) in apache (CVE-2016-1566)
CVE-2016-8999 Cross-Site Scripting (XSS) in ibm (CVE-2016-8999)
CVE-2016-9000 Cross-Site Scripting (XSS) in ibm (CVE-2016-9000)
CVE-2016-9704 Cross-Site Scripting (XSS) in ibm (CVE-2016-9704)
CVE-2016-0217 Cross-Site Scripting (XSS) in ibm (CVE-2016-0217)
CVE-2016-0218 Cross-Site Scripting (XSS) in ibm (CVE-2016-0218)
CVE-2016-2924 Cross-Site Scripting (XSS) in ibm (CVE-2016-2924)
CVE-2016-2992 Cross-Site Scripting (XSS) in ibm (CVE-2016-2992)
CVE-2016-5881 Cross-Site Scripting (XSS) in ibm (CVE-2016-5881)
CVE-2016-5940 Cross-Site Scripting (XSS) in ibm (CVE-2016-5940)
CVE-2016-5942 Cross-Site Scripting (XSS) in ibm (CVE-2016-5942)
CVE-2016-8943 Cross-Site Scripting (XSS) in ibm (CVE-2016-8943)
CVE-2016-9731 Cross-Site Scripting (XSS) in ibm (CVE-2016-9731)
CVE-2016-6047 Cross-Site Scripting (XSS) in ibm (CVE-2016-6047)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →