Cwe 79

🧬 CWE Related 66
slug: cwe-79

Explanation

CWE-79は「Webアプリがユーザー入力をきちんと無害化せずに画面に出力してしまう欠陥」のことです。 結果として、攻撃者はWebページに悪意あるJavaScriptを埋め込めるようになり、見た人のCookie (ログイン情報) や入力情報を盗めるようになります。 対策はWebの基本中の基本: 出力時のHTMLエスケープです。
📌 Example
MySpace ワーム「Samy」 (2005): 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,521

ID Title
CVE-2026-24751 Cross-Site Scripting (XSS) in accellion (CVE-2026-24751)
CVE-2026-42678 Cross-Site Scripting (XSS) in CVE-2026-42678 (CVE-2026-42678)
CVE-2026-42676 Cross-Site Scripting (XSS) in CVE-2026-42676 (CVE-2026-42676)
CVE-2026-48865 Cross-Site Scripting (XSS) in CVE-2026-48865 (CVE-2026-48865)
CVE-2026-48559 Cross-Site Scripting (XSS) in cpp (CVE-2026-48559)
CVE-2026-42681 Cross-Site Scripting (XSS) in CVE-2026-42681 (CVE-2026-42681)
CVE-2026-48839 Cross-Site Scripting (XSS) in CVE-2026-48839 (CVE-2026-48839)
CVE-2026-42683 Cross-Site Scripting (XSS) in CVE-2026-42683 (CVE-2026-42683)
CVE-2024-12914 Cross-Site Scripting (XSS) in CVE-2024-12914 (CVE-2024-12914)
CVE-2026-9308 Cross-Site Scripting (XSS) in mozilla (CVE-2026-9308)
CVE-2026-9309 Cross-Site Scripting (XSS) in mozilla (CVE-2026-9309)
CVE-2026-25599 Cross-Site Scripting (XSS) in CVE-2026-25599 (CVE-2026-25599)
CVE-2026-10247 Cross-Site Scripting (XSS) in CVE-2026-10247 (CVE-2026-10247)
CVE-2026-10246 Cross-Site Scripting (XSS) in CVE-2026-10246 (CVE-2026-10246)
CVE-2026-10244 Cross-Site Scripting (XSS) in CVE-2026-10244 (CVE-2026-10244)
CVE-2026-10245 Cross-Site Scripting (XSS) in CVE-2026-10245 (CVE-2026-10245)
CVE-2026-8474 Cross-Site Scripting (XSS) in CVE-2026-8474 (CVE-2026-8474)
CVE-2026-9024 Cross-Site Scripting (XSS) in CVE-2026-9024 (CVE-2026-9024)
CVE-2026-42253 Cross-Site Scripting (XSS) in activemq (CVE-2026-42253)
CVE-2026-40544 Cross-Site Scripting (XSS) in CVE-2026-40544 (CVE-2026-40544)
CVE-2026-40545 Cross-Site Scripting (XSS) in CVE-2026-40545 (CVE-2026-40545)
CVE-2026-10234 Cross-Site Scripting (XSS) in CVE-2026-10234 (CVE-2026-10234)
CVE-2026-10228 Cross-Site Scripting (XSS) in CVE-2026-10228 (CVE-2026-10228)
CVE-2026-48209 Cross-Site Scripting (XSS) in c (CVE-2026-48209)
CVE-2026-10173 Cross-Site Scripting (XSS) in vue (CVE-2026-10173)
CVE-2026-10153 Cross-Site Scripting (XSS) in CVE-2026-10153 (CVE-2026-10153)
CVE-2026-10112 Cross-Site Scripting (XSS) in CVE-2026-10112 (CVE-2026-10112)
CVE-2026-34127 Cross-Site Scripting (XSS) in tp-link (CVE-2026-34127)
CVE-2026-49381 In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible
CVE-2026-49384 In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →