Cwe 79

🧬 CWE Related 66
slug: cwe-79

Explanation

CWE-79は「Webアプリがユーザー入力をきちんと無害化せずに画面に出力してしまう欠陥」のことです。 結果として、攻撃者はWebページに悪意あるJavaScriptを埋め込めるようになり、見た人のCookie (ログイン情報) や入力情報を盗めるようになります。 対策はWebの基本中の基本: 出力時のHTMLエスケープです。
📌 Example
MySpace ワーム「Samy」 (2005): 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,521

ID Title
CVE-2025-14767 Cross-Site Scripting (XSS) in wordpress (CVE-2025-14767)
CVE-2026-6962 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6962)
CVE-2026-6828 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6828)
CVE-2025-9989 Cross-Site Scripting (XSS) in wordpress (CVE-2025-9989)
CVE-2026-45028 Vulnerability in astro (CVE-2026-45028)
CVE-2026-44245 Cross-Site Scripting (XSS) in github.com/kyverno/policy-reporter-ui (CVE-2026-44245)
CVE-2026-42157 Cross-Site Scripting (XSS) in CVE-2026-42157 (CVE-2026-42157)
CVE-2026-44651 Cross-Site Scripting (XSS) in sillytavern (CVE-2026-44651)
CVE-2026-42338 Cross-Site Scripting (XSS) in ip-address (CVE-2026-42338)
CVE-2026-34686 Cross-Site Scripting (XSS) in adobe (CVE-2026-34686)
CVE-2026-34655 Cross-Site Scripting (XSS) in adobe (CVE-2026-34655)
CVE-2026-34658 Cross-Site Scripting (XSS) in adobe (CVE-2026-34658)
CVE-2026-23819 Cross-Site Scripting (XSS) in CVE-2026-23819 (CVE-2026-23819)
CVE-2026-43892 Cross-Site Scripting (XSS) in CVE-2026-43892 (CVE-2026-43892)
CVE-2026-42045 Cross-Site Scripting (XSS) in @lobehub/lobehub (CVE-2026-42045)
CVE-2026-41610 Vulnerability in microsoft (CVE-2026-41610)
CVE-2026-41611 Command Injection in microsoft (CVE-2026-41611)
CVE-2026-43938 Vulnerability in YAFNET.Core (CVE-2026-43938)
CVE-2026-43939 Vulnerability in YAFNET.Core (CVE-2026-43939)
CVE-2025-70842 Cross-Site Scripting (XSS) in CVE-2025-70842 (CVE-2025-70842)
CVE-2026-8391 Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3.
CVE-2026-6800 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6800)
CVE-2026-6813 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6813)
CVE-2026-25789 Cross-Site Scripting (XSS) in CVE-2026-25789 (CVE-2026-25789)
CVE-2026-33862 Cross-Site Scripting (XSS) in siemens (CVE-2026-33862)
CVE-2026-25786 Cross-Site Scripting (XSS) in CVE-2026-25786 (CVE-2026-25786)
CVE-2026-25787 Cross-Site Scripting (XSS) in CVE-2026-25787 (CVE-2026-25787)
CVE-2026-7661 Cross-Site Scripting (XSS) in wordpress (CVE-2026-7661)
CVE-2026-6256 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6256)
CVE-2026-6690 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6690)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →