Cwe 79

🧬 CWE Related 66
slug: cwe-79

Explanation

CWE-79は「Webアプリがユーザー入力をきちんと無害化せずに画面に出力してしまう欠陥」のことです。 結果として、攻撃者はWebページに悪意あるJavaScriptを埋め込めるようになり、見た人のCookie (ログイン情報) や入力情報を盗めるようになります。 対策はWebの基本中の基本: 出力時のHTMLエスケープです。
📌 Example
MySpace ワーム「Samy」 (2005): 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,521

ID Title
CVE-2026-7437 Cross-Site Scripting (XSS) in wordpress (CVE-2026-7437)
CVE-2026-6808 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6808)
CVE-2026-7464 Cross-Site Scripting (XSS) in wordpress (CVE-2026-7464)
CVE-2026-7659 Cross-Site Scripting (XSS) in wordpress (CVE-2026-7659)
CVE-2026-6913 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6913)
CVE-2026-4859 Cross-Site Scripting (XSS) in wordpress (CVE-2026-4859)
CVE-2026-4920 Cross-Site Scripting (XSS) in wordpress (CVE-2026-4920)
CVE-2026-6237 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6237)
CVE-2026-5340 Cross-Site Scripting (XSS) in wordpress (CVE-2026-5340)
CVE-2026-5715 Cross-Site Scripting (XSS) in wordpress (CVE-2026-5715)
CVE-2026-6247 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6247)
CVE-2026-2300 Cross-Site Scripting (XSS) in wordpress (CVE-2026-2300)
CVE-2026-3604 Cross-Site Scripting (XSS) in wordpress (CVE-2026-3604)
CVE-2024-34577 Cross-Site Scripting (XSS) in jvn (CVE-2024-34577)
CVE-2026-40137 Cross-Site Scripting (XSS) in CVE-2026-40137 (CVE-2026-40137)
CVE-2026-27682 Cross-Site Scripting (XSS) in sap (CVE-2026-27682)
CVE-2026-45392 Reserved. Details will be published at disclosure.
CVE-2026-43900 Cross-Site Scripting (XSS) in vue (CVE-2026-43900)
CVE-2026-42554 Cross-Site Scripting (XSS) in github.com/gofiber/fiber/v3 (CVE-2026-42554)
CVE-2026-43887 Cross-Site Scripting (XSS) in CVE-2026-43887 (CVE-2026-43887)
CVE-2026-43878 Cross-Site Scripting (XSS) in wwbn/avideo (CVE-2026-43878)
CVE-2026-43876 Cross-Site Scripting (XSS) in wwbn/avideo (CVE-2026-43876)
CVE-2026-45026 Cross-Site Scripting (XSS) in CVE-2026-45026 (CVE-2026-45026)
CVE-2026-45025 Cross-Site Scripting (XSS) in CVE-2026-45025 (CVE-2026-45025)
CVE-2026-42887 Cross-Site Scripting (XSS) in CVE-2026-42887 (CVE-2026-42887)
CVE-2026-42870 Cross-Site Scripting (XSS) in CVE-2026-42870 (CVE-2026-42870)
CVE-2026-42872 Cross-Site Scripting (XSS) in CVE-2026-42872 (CVE-2026-42872)
CVE-2026-44657 Cross-Site Scripting (XSS) in mantisbt/mantisbt (CVE-2026-44657)
CVE-2026-44655 Cross-Site Scripting (XSS) in mantisbt/mantisbt (CVE-2026-44655)
CVE-2026-43979 Cross-Site Scripting (XSS) in local-deep-research (CVE-2026-43979)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →