Cwe 79

🧬 CWE Related 66
slug: cwe-79

Explanation

CWE-79は「Webアプリがユーザー入力をきちんと無害化せずに画面に出力してしまう欠陥」のことです。 結果として、攻撃者はWebページに悪意あるJavaScriptを埋め込めるようになり、見た人のCookie (ログイン情報) や入力情報を盗めるようになります。 対策はWebの基本中の基本: 出力時のHTMLエスケープです。
📌 Example
MySpace ワーム「Samy」 (2005): 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,521

ID Title
CVE-2026-5385 Cross-Site Scripting (XSS) in CVE-2026-5385 (CVE-2026-5385)
CVE-2026-30586 Cross-Site Scripting (XSS) in CVE-2026-30586 (CVE-2026-30586)
CVE-2026-33553 Northern.tech CFEngine Enterprise 3.24.3 before 3.24.4 and 3.27.0 before 3.27.1 allows XSS.
CVE-2026-33245 React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets
CVE-2026-33244 Cross-Site Scripting (XSS) in react-router (CVE-2026-33244)
CVE-2026-7299 Cross-Site Scripting (XSS) in appsmith (CVE-2026-7299)
CVE-2026-28116 Cross-Site Scripting (XSS) in CVE-2026-28116 (CVE-2026-28116)
CVE-2026-32250 Cross-Site Scripting (XSS) in CVE-2026-32250 (CVE-2026-32250)
CVE-2026-42685 Cross-Site Scripting (XSS) in CVE-2026-42685 (CVE-2026-42685)
CVE-2026-5191 Cross-Site Scripting (XSS) in wordpress (CVE-2026-5191)
CVE-2026-34907 Cross-Site Scripting (XSS) in CVE-2026-34907 (CVE-2026-34907)
CVE-2025-52759 Cross-Site Scripting (XSS) in CVE-2025-52759 (CVE-2025-52759)
CVE-2026-8885 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8885)
CVE-2026-2425 Cross-Site Scripting (XSS) in wordpress (CVE-2026-2425)
CVE-2026-2382 Cross-Site Scripting (XSS) in wordpress (CVE-2026-2382)
CVE-2026-1450 Cross-Site Scripting (XSS) in wordpress (CVE-2026-1450)
CVE-2025-5085 Cross-Site Scripting (XSS) in wordpress (CVE-2025-5085)
CVE-2026-1451 Cross-Site Scripting (XSS) in wordpress (CVE-2026-1451)
CVE-2026-4080 Cross-Site Scripting (XSS) in wordpress (CVE-2026-4080)
CVE-2026-4081 Cross-Site Scripting (XSS) in wordpress (CVE-2026-4081)
CVE-2026-3722 Cross-Site Scripting (XSS) in wordpress (CVE-2026-3722)
CVE-2026-10567 Cross-Site Scripting (XSS) in CVE-2026-10567 (CVE-2026-10567)
CVE-2026-10510 Cross-Site Scripting (XSS) in CVE-2026-10510 (CVE-2026-10510)
CVE-2026-10100 Cross-Site Scripting (XSS) in wordpress (CVE-2026-10100)
CVE-2026-10529 Cross-Site Scripting (XSS) in CVE-2026-10529 (CVE-2026-10529)
CVE-2026-10301 Cross-Site Scripting (XSS) in CVE-2026-10301 (CVE-2026-10301)
CVE-2026-10514 Cross-Site Scripting (XSS) in CVE-2026-10514 (CVE-2026-10514)
CVE-2026-24752 Cross-Site Scripting (XSS) in accellion (CVE-2026-24752)
CVE-2026-24754 Cross-Site Scripting (XSS) in accellion (CVE-2026-24754)
CVE-2026-10289 Cross-Site Scripting (XSS) in CVE-2026-10289 (CVE-2026-10289)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →