Cwe 79

🧬 CWE Related 66
slug: cwe-79

Explanation

CWE-79は「Webアプリがユーザー入力をきちんと無害化せずに画面に出力してしまう欠陥」のことです。 結果として、攻撃者はWebページに悪意あるJavaScriptを埋め込めるようになり、見た人のCookie (ログイン情報) や入力情報を盗めるようになります。 対策はWebの基本中の基本: 出力時のHTMLエスケープです。
📌 Example
MySpace ワーム「Samy」 (2005): 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,507

ID Title
CVE-2026-8306 Cross-Site Scripting (XSS) in CVE-2026-8306 (CVE-2026-8306)
CVE-2026-11328 Cross-Site Scripting (XSS) in wordpress (CVE-2026-11328)
CVE-2026-53641 Cross-Site Scripting (XSS) in CVE-2026-53641 (CVE-2026-53641)
CVE-2026-59710 Cross-Site Scripting (XSS) in CVE-2026-59710 (CVE-2026-59710)
CVE-2026-59711 Cross-Site Scripting (XSS) in CVE-2026-59711 (CVE-2026-59711)
CVE-2026-55437 Cross-Site Scripting (XSS) in github.com/coder/coder/v2 (CVE-2026-55437)
CVE-2026-58402 Cross-Site Scripting (XSS) in gohugo (CVE-2026-58402)
CVE-2026-12154 Cross-Site Scripting (XSS) in wordpress (CVE-2026-12154)
CVE-2025-53831 Cross-Site Scripting (XSS) in CVE-2025-53831 (CVE-2025-53831)
CVE-2025-8591 Cross-Site Scripting (XSS) in CVE-2025-8591 (CVE-2025-8591)
CVE-2026-14791 Cross-Site Scripting (XSS) in CVE-2026-14791 (CVE-2026-14791)
CVE-2026-14752 Cross-Site Scripting (XSS) in CVE-2026-14752 (CVE-2026-14752)
CVE-2026-14704 Cross-Site Scripting (XSS) in CVE-2026-14704 (CVE-2026-14704)
CVE-2026-14655 Cross-Site Scripting (XSS) in CVE-2026-14655 (CVE-2026-14655)
CVE-2026-14656 Cross-Site Scripting (XSS) in CVE-2026-14656 (CVE-2026-14656)
CVE-2026-14634 Cross-Site Scripting (XSS) in CVE-2026-14634 (CVE-2026-14634)
CVE-2026-14633 Cross-Site Scripting (XSS) in CVE-2026-14633 (CVE-2026-14633)
CVE-2026-58524 Cross-Site Scripting (XSS) in microsoft (CVE-2026-58524)
CVE-2026-58298 Cross-Site Scripting (XSS) in microsoft (CVE-2026-58298)
CVE-2026-57977 Cross-Site Scripting (XSS) in microsoft (CVE-2026-57977)
CVE-2026-4322 Cross-Site Scripting (XSS) in CVE-2026-4322 (CVE-2026-4322)
CVE-2026-9756 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9756)
CVE-2026-4804 Cross-Site Scripting (XSS) in wordpress (CVE-2026-4804)
CVE-2026-9148 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9148)
CVE-2026-8351 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8351)
CVE-2026-9626 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9626)
CVE-2026-8892 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8892)
CVE-2026-8489 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8489)
CVE-2026-13040 Cross-Site Scripting (XSS) in wordpress (CVE-2026-13040)
CVE-2026-12731 Cross-Site Scripting (XSS) in wordpress (CVE-2026-12731)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →