Cwe 79

🧬 CWE Related 66
slug: cwe-79

Explanation

CWE-79は「Webアプリがユーザー入力をきちんと無害化せずに画面に出力してしまう欠陥」のことです。 結果として、攻撃者はWebページに悪意あるJavaScriptを埋め込めるようになり、見た人のCookie (ログイン情報) や入力情報を盗めるようになります。 対策はWebの基本中の基本: 出力時のHTMLエスケープです。
📌 Example
MySpace ワーム「Samy」 (2005): 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,521

ID Title
CVE-2026-7462 Cross-Site Scripting (XSS) in wordpress (CVE-2026-7462)
CVE-2026-6404 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6404)
CVE-2026-6549 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6549)
CVE-2026-6397 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6397)
CVE-2026-5293 Cross-Site Scripting (XSS) in wordpress (CVE-2026-5293)
CVE-2026-6399 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6399)
CVE-2026-6367 Cross-Site Scripting (XSS) in drupal (CVE-2026-6367)
CVE-2026-6365 Cross-Site Scripting (XSS) in drupal (CVE-2026-6365)
CVE-2026-6871 Cross-Site Scripting (XSS) in drupal (CVE-2026-6871)
CVE-2026-6095 Cross-Site Scripting (XSS) in drupal (CVE-2026-6095)
CVE-2026-5090 Cross-Site Scripting (XSS) in CVE-2026-5090 (CVE-2026-5090)
CVE-2026-34241 Cross-Site Scripting (XSS) in CVE-2026-34241 (CVE-2026-34241)
CVE-2026-46342 Cross-Site Scripting (XSS) in nuxt (CVE-2026-46342)
CVE-2026-33741 Cross-Site Scripting (XSS) in CVE-2026-33741 (CVE-2026-33741)
CVE-2026-46426 Unrestricted File Upload in budibase (CVE-2026-46426)
CVE-2026-46511 Vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46511)
CVE-2026-46396 Cross-Site Scripting (XSS) in @haxtheweb/haxcms-nodejs (CVE-2026-46396)
CVE-2026-46496 Vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46496)
CVE-2026-8948 Vulnerability in mozilla (CVE-2026-8948)
CVE-2025-40903 Cross-Site Scripting (XSS) in nozominetworks (CVE-2025-40903)
CVE-2025-40904 Cross-Site Scripting (XSS) in nozominetworks (CVE-2025-40904)
CVE-2025-40901 Cross-Site Scripting (XSS) in nozominetworks (CVE-2025-40901)
CVE-2025-40902 Cross-Site Scripting (XSS) in nozominetworks (CVE-2025-40902)
CVE-2026-31379 Path Traversal in apache (CVE-2026-31379)
CVE-2026-31906 Cross-Site Scripting (XSS) in apache (CVE-2026-31906)
CVE-2026-27964 Cross-Site Scripting (XSS) in facturascripts/facturascripts (CVE-2026-27964)
CVE-2026-27737 Cross-Site Scripting (XSS) in CVE-2026-27737 (CVE-2026-27737)
CVE-2026-45231 Cross-Site Scripting (XSS) in CVE-2026-45231 (CVE-2026-45231)
CVE-2026-45494 Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2026-29964 Cross-Site Scripting (XSS) in hsclabs (CVE-2026-29964)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →