Cwe 79

🧬 CWE Related 66
slug: cwe-79

Explanation

CWE-79は「Webアプリがユーザー入力をきちんと無害化せずに画面に出力してしまう欠陥」のことです。 結果として、攻撃者はWebページに悪意あるJavaScriptを埋め込めるようになり、見た人のCookie (ログイン情報) や入力情報を盗めるようになります。 対策はWebの基本中の基本: 出力時のHTMLエスケープです。
📌 Example
MySpace ワーム「Samy」 (2005): 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,521

ID Title
CVE-2026-47939 Cross-Site Scripting (XSS) in adobe (CVE-2026-47939)
CVE-2026-47941 Cross-Site Scripting (XSS) in adobe (CVE-2026-47941)
CVE-2026-47943 Cross-Site Scripting (XSS) in adobe (CVE-2026-47943)
CVE-2026-47942 Cross-Site Scripting (XSS) in adobe (CVE-2026-47942)
CVE-2026-47640 Cross-Site Scripting (XSS) in microsoft (CVE-2026-47640)
CVE-2026-47634 Vulnerability in microsoft (CVE-2026-47634)
CVE-2026-47636 Cross-Site Scripting (XSS) in microsoft (CVE-2026-47636)
CVE-2026-47637 Cross-Site Scripting (XSS) in microsoft (CVE-2026-47637)
CVE-2026-47631 Cross-Site Scripting (XSS) in microsoft (CVE-2026-47631)
CVE-2026-47638 Cross-Site Scripting (XSS) in microsoft (CVE-2026-47638)
CVE-2026-47639 Cross-Site Scripting (XSS) in microsoft (CVE-2026-47639)
CVE-2026-45644 Cross-Site Scripting (XSS) in microsoft (CVE-2026-45644)
CVE-2026-47900 Cross-Site Scripting (XSS) in CVE-2026-47900 (CVE-2026-47900)
CVE-2026-47901 Cross-Site Scripting (XSS) in CVE-2026-47901 (CVE-2026-47901)
CVE-2026-47348 Cross-Site Scripting (XSS) in typo3/cms-core (CVE-2026-47348)
CVE-2026-41031 Cross-Site Scripting (XSS) in CVE-2026-41031 (CVE-2026-41031)
CVE-2026-34033 Cross-Site Scripting (XSS) in apache (CVE-2026-34033)
CVE-2026-8677 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8677)
CVE-2026-8599 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8599)
CVE-2026-8981 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8981)
CVE-2026-41539 Cross-Site Scripting (XSS) in qnap (CVE-2026-41539)
CVE-2026-8977 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8977)
CVE-2026-8895 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8895)
CVE-2026-8841 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8841)
CVE-2026-8880 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8880)
CVE-2026-8882 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8882)
CVE-2026-7662 Cross-Site Scripting (XSS) in wordpress (CVE-2026-7662)
CVE-2026-8883 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8883)
CVE-2026-41846 Cross-Site Scripting (XSS) in spring (CVE-2026-41846)
CVE-2026-41845 Cross-Site Scripting (XSS) in spring (CVE-2026-41845)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →