Cwe 79

🧬 CWE Related 66
slug: cwe-79

Explanation

CWE-79は「Webアプリがユーザー入力をきちんと無害化せずに画面に出力してしまう欠陥」のことです。 結果として、攻撃者はWebページに悪意あるJavaScriptを埋め込めるようになり、見た人のCookie (ログイン情報) や入力情報を盗めるようになります。 対策はWebの基本中の基本: 出力時のHTMLエスケープです。
📌 Example
MySpace ワーム「Samy」 (2005): 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,521

ID Title
CVE-2026-11468 Cross-Site Scripting (XSS) in CVE-2026-11468 (CVE-2026-11468)
CVE-2026-11436 Cross-Site Scripting (XSS) in CVE-2026-11436 (CVE-2026-11436)
CVE-2026-11434 Cross-Site Scripting (XSS) in CVE-2026-11434 (CVE-2026-11434)
CVE-2026-9594 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9594)
CVE-2026-7796 Cross-Site Scripting (XSS) in wordpress (CVE-2026-7796)
CVE-2026-9280 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9280)
CVE-2026-8991 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8991)
CVE-2026-7795 Cross-Site Scripting (XSS) in wordpress (CVE-2026-7795)
CVE-2026-9281 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9281)
CVE-2026-8901 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8901)
CVE-2026-8438 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8438)
CVE-2026-8900 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8900)
CVE-2026-8893 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8893)
CVE-2026-45778 Cross-Site Scripting (XSS) in buffalo (CVE-2026-45778)
CVE-2026-25624 Cross-Site Scripting (XSS) in arista (CVE-2026-25624)
CVE-2026-11338 Cross-Site Scripting (XSS) in CVE-2026-11338 (CVE-2026-11338)
CVE-2026-11337 Cross-Site Scripting (XSS) in CVE-2026-11337 (CVE-2026-11337)
CVE-2026-47387 Cross-Site Scripting (XSS) in nocodb (CVE-2026-47387)
CVE-2026-47383 Cross-Site Scripting (XSS) in nocodb (CVE-2026-47383)
CVE-2026-47376 Cross-Site Scripting (XSS) in nocodb (CVE-2026-47376)
CVE-2026-38579 Cross-Site Scripting (XSS) in CVE-2026-38579 (CVE-2026-38579)
CVE-2026-50235 Cross-Site Scripting (XSS) in CVE-2026-50235 (CVE-2026-50235)
CVE-2026-50230 Cross-Site Scripting (XSS) in CVE-2026-50230 (CVE-2026-50230)
CVE-2026-50231 Cross-Site Scripting (XSS) in CVE-2026-50231 (CVE-2026-50231)
CVE-2026-50232 Cross-Site Scripting (XSS) in CVE-2026-50232 (CVE-2026-50232)
CVE-2026-21825 Cross-Site Scripting (XSS) in hcltech (CVE-2026-21825)
CVE-2026-50591 IN Znuny LTS before 6.5.21 and Znuny before 7.3.3, XSS can occur via stored user preferences.
CVE-2026-50592 Cross-Site Scripting (XSS) in CVE-2026-50592 (CVE-2026-50592)
CVE-2026-11273 Vulnerability in google (CVE-2026-11273)
CVE-2026-11186 Cross-Site Scripting (XSS) in google (CVE-2026-11186)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →