Cwe 79

🧬 CWE Related 66
slug: cwe-79

Explanation

CWE-79は「Webアプリがユーザー入力をきちんと無害化せずに画面に出力してしまう欠陥」のことです。 結果として、攻撃者はWebページに悪意あるJavaScriptを埋め込めるようになり、見た人のCookie (ログイン情報) や入力情報を盗めるようになります。 対策はWebの基本中の基本: 出力時のHTMLエスケープです。
📌 Example
MySpace ワーム「Samy」 (2005): 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,521

ID Title
CVE-2021-47962 Cross-Site Scripting (XSS) in CVE-2021-47962 (CVE-2021-47962)
CVE-2026-45580 Cross-Site Scripting (XSS) in WWBN/AVideo (CVE-2026-45580)
CVE-2026-23695 Cross-Site Scripting (XSS) in cockpit-hq/cockpit (CVE-2026-23695)
CVE-2026-45106 Cross-Site Scripting (XSS) in weblate (CVE-2026-45106)
CVE-2026-41147 Cross-Site Scripting (XSS) in nukeviet/nukeviet (CVE-2026-41147)
CVE-2026-6415 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6415)
CVE-2026-6646 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6646)
CVE-2026-24662 Cross-Site Scripting (XSS) in jvn (CVE-2026-24662)
CVE-2026-42573 Cross-Site Scripting (XSS) in svelte (CVE-2026-42573)
CVE-2026-45665 Cross-Site Scripting (XSS) in open-webui (CVE-2026-45665)
CVE-2026-45348 Cross-Site Scripting (XSS) in pyload-ng (CVE-2026-45348)
CVE-2026-42599 Cross-Site Scripting (XSS) in svelte (CVE-2026-42599)
CVE-2026-45318 Cross-Site Scripting (XSS) in open-webui (CVE-2026-45318)
CVE-2026-45315 Unrestricted File Upload in open-webui (CVE-2026-45315)
CVE-2026-45303 Cross-Site Scripting (XSS) in open-webui (CVE-2026-45303)
CVE-2026-45299 Cross-Site Scripting (XSS) in open-webui (CVE-2026-45299)
CVE-2026-44586 Cross-Site Scripting (XSS) in CVE-2026-44586 (CVE-2026-44586)
CVE-2026-44541 Cross-Site Scripting (XSS) in ethyca-fides (CVE-2026-44541)
CVE-2026-42897 KEV [KEV] Cross-Site Scripting (XSS) in Microsoft exchange-server (CVE-2026-42897)
CVE-2026-45011 Cross-Site Scripting (XSS) in apostrophe (CVE-2026-45011)
CVE-2026-44990 Cross-Site Scripting (XSS) in sanitize-html (CVE-2026-44990)
CVE-2026-44899 Cross-Site Scripting (XSS) in mistune (CVE-2026-44899)
CVE-2026-44898 Cross-Site Scripting (XSS) in mistune (CVE-2026-44898)
CVE-2026-42159 Cross-Site Scripting (XSS) in flowsint (CVE-2026-42159)
CVE-2026-1630 Cross-Site Scripting (XSS) in CVE-2026-1630 (CVE-2026-1630)
CVE-2026-41932 Cross-Site Scripting (XSS) in CVE-2026-41932 (CVE-2026-41932)
CVE-2026-24710 Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 allows XSS.
CVE-2026-21730 Cross-Site Scripting (XSS) in verint (CVE-2026-21730)
CVE-2026-44371 Cross-Site Scripting (XSS) in CVE-2026-44371 (CVE-2026-44371)
CVE-2026-44482 Vulnerability in CVE-2026-44482 (CVE-2026-44482)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →