Cwe 79

🧬 CWE Related 66
slug: cwe-79

Explanation

CWE-79は「Webアプリがユーザー入力をきちんと無害化せずに画面に出力してしまう欠陥」のことです。 結果として、攻撃者はWebページに悪意あるJavaScriptを埋め込めるようになり、見た人のCookie (ログイン情報) や入力情報を盗めるようになります。 対策はWebの基本中の基本: 出力時のHTMLエスケープです。
📌 Example
MySpace ワーム「Samy」 (2005): 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,521

ID Title
CVE-2026-6956 Cross-Site Scripting (XSS) in CVE-2026-6956 (CVE-2026-6956)
CVE-2026-8262 Cross-Site Scripting (XSS) in CVE-2026-8262 (CVE-2026-8262)
CVE-2026-8256 Cross-Site Scripting (XSS) in CVE-2026-8256 (CVE-2026-8256)
CVE-2026-8253 Cross-Site Scripting (XSS) in CVE-2026-8253 (CVE-2026-8253)
CVE-2026-8254 Cross-Site Scripting (XSS) in CVE-2026-8254 (CVE-2026-8254)
CVE-2026-8255 Cross-Site Scripting (XSS) in CVE-2026-8255 (CVE-2026-8255)
CVE-2022-50963 Cross-Site Scripting (XSS) in CVE-2022-50963 (CVE-2022-50963)
CVE-2022-50964 Cross-Site Scripting (XSS) in CVE-2022-50964 (CVE-2022-50964)
CVE-2022-50965 Cross-Site Scripting (XSS) in CVE-2022-50965 (CVE-2022-50965)
CVE-2022-50966 Cross-Site Scripting (XSS) in CVE-2022-50966 (CVE-2022-50966)
CVE-2022-50967 Cross-Site Scripting (XSS) in CVE-2022-50967 (CVE-2022-50967)
CVE-2022-50968 Cross-Site Scripting (XSS) in CVE-2022-50968 (CVE-2022-50968)
CVE-2022-50969 Cross-Site Scripting (XSS) in CVE-2022-50969 (CVE-2022-50969)
CVE-2022-50970 Cross-Site Scripting (XSS) in wordpress (CVE-2022-50970)
CVE-2022-50957 Cross-Site Scripting (XSS) in drupal (CVE-2022-50957)
CVE-2022-50958 Cross-Site Scripting (XSS) in wordpress (CVE-2022-50958)
CVE-2022-50959 Cross-Site Scripting (XSS) in wordpress (CVE-2022-50959)
CVE-2022-50960 Cross-Site Scripting (XSS) in wordpress (CVE-2022-50960)
CVE-2022-50961 Cross-Site Scripting (XSS) in wordpress (CVE-2022-50961)
CVE-2022-50962 Cross-Site Scripting (XSS) in CVE-2022-50962 (CVE-2022-50962)
CVE-2022-50945 Cross-Site Scripting (XSS) in wordpress (CVE-2022-50945)
CVE-2022-50946 Cross-Site Scripting (XSS) in wordpress (CVE-2022-50946)
CVE-2022-50947 Cross-Site Scripting (XSS) in wordpress (CVE-2022-50947)
CVE-2022-50948 Cross-Site Scripting (XSS) in CVE-2022-50948 (CVE-2022-50948)
CVE-2022-50949 Cross-Site Scripting (XSS) in wordpress (CVE-2022-50949)
CVE-2021-47947 Cross-Site Scripting (XSS) in CVE-2021-47947 (CVE-2021-47947)
CVE-2021-47950 Cross-Site Scripting (XSS) in CVE-2021-47950 (CVE-2021-47950)
CVE-2021-47951 Cross-Site Scripting (XSS) in wordpress (CVE-2021-47951)
CVE-2022-50943 Cross-Site Scripting (XSS) in moodle (CVE-2022-50943)
CVE-2021-47929 Cross-Site Scripting (XSS) in CVE-2021-47929 (CVE-2021-47929)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →