Cwe 79

🧬 CWE Related 66
slug: cwe-79

Explanation

CWE-79は「Webアプリがユーザー入力をきちんと無害化せずに画面に出力してしまう欠陥」のことです。 結果として、攻撃者はWebページに悪意あるJavaScriptを埋め込めるようになり、見た人のCookie (ログイン情報) や入力情報を盗めるようになります。 対策はWebの基本中の基本: 出力時のHTMLエスケープです。
📌 Example
MySpace ワーム「Samy」 (2005): 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,521

ID Title
CVE-2026-53473 Cross-Site Scripting (XSS) in kubev2v (CVE-2026-53473)
CVE-2026-45560 Cross-Site Scripting (XSS) in c (CVE-2026-45560)
CVE-2026-53441 Cross-Site Scripting (XSS) in org.jenkins-ci.main:jenkins-core (CVE-2026-53441)
CVE-2026-49069 Cross-Site Scripting (XSS) in CVE-2026-49069 (CVE-2026-49069)
CVE-2026-9019 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9019)
CVE-2026-8853 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8853)
CVE-2026-8613 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8613)
CVE-2026-9060 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9060)
CVE-2026-8071 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8071)
CVE-2025-8444 Cross-Site Scripting (XSS) in wordpress (CVE-2025-8444)
CVE-2026-41003 Cross-Site Scripting (XSS) in vmware (CVE-2026-41003)
CVE-2026-46518 Cross-Site Scripting (XSS) in csrf (CVE-2026-46518)
CVE-2026-25860 Cross-Site Scripting (XSS) in CVE-2026-25860 (CVE-2026-25860)
CVE-2026-34417 Cross-Site Scripting (XSS) in CVE-2026-34417 (CVE-2026-34417)
CVE-2026-47933 Cross-Site Scripting (XSS) in adobe (CVE-2026-47933)
CVE-2026-34416 Cross-Site Scripting (XSS) in CVE-2026-34416 (CVE-2026-34416)
CVE-2026-11799 Cross-Site Scripting (XSS) in mozilla (CVE-2026-11799)
CVE-2026-25557 Cross-Site Scripting (XSS) in CVE-2026-25557 (CVE-2026-25557)
CVE-2026-47106 Cross-Site Scripting (XSS) in CVE-2026-47106 (CVE-2026-47106)
CVE-2026-32856 Cross-Site Scripting (XSS) in CVE-2026-32856 (CVE-2026-32856)
CVE-2026-36728 Cross-Site Scripting (XSS) in CVE-2026-36728 (CVE-2026-36728)
CVE-2026-36725 Cross-Site Scripting (XSS) in CVE-2026-36725 (CVE-2026-36725)
CVE-2026-47962 Cross-Site Scripting (XSS) in adobe (CVE-2026-47962)
CVE-2026-47966 Cross-Site Scripting (XSS) in adobe (CVE-2026-47966)
CVE-2026-47973 Cross-Site Scripting (XSS) in adobe (CVE-2026-47973)
CVE-2026-47974 Cross-Site Scripting (XSS) in adobe (CVE-2026-47974)
CVE-2026-45501 Cross-Site Scripting (XSS) in ssrf (CVE-2026-45501)
CVE-2026-45500 Cross-Site Scripting (XSS) in microsoft (CVE-2026-45500)
CVE-2026-45483 Cross-Site Scripting (XSS) in microsoft (CVE-2026-45483)
CVE-2026-45465 Cross-Site Scripting (XSS) in microsoft (CVE-2026-45465)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →