Cwe 79

🧬 CWE Related 66
slug: cwe-79

Explanation

CWE-79は「Webアプリがユーザー入力をきちんと無害化せずに画面に出力してしまう欠陥」のことです。 結果として、攻撃者はWebページに悪意あるJavaScriptを埋め込めるようになり、見た人のCookie (ログイン情報) や入力情報を盗めるようになります。 対策はWebの基本中の基本: 出力時のHTMLエスケープです。
📌 Example
MySpace ワーム「Samy」 (2005): 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,521

ID Title
CVE-2021-47931 Cross-Site Scripting (XSS) in CVE-2021-47931 (CVE-2021-47931)
CVE-2021-47922 Cross-Site Scripting (XSS) in CVE-2021-47922 (CVE-2021-47922)
CVE-2021-47924 Cross-Site Scripting (XSS) in CVE-2021-47924 (CVE-2021-47924)
CVE-2021-47925 Cross-Site Scripting (XSS) in CVE-2021-47925 (CVE-2021-47925)
CVE-2021-47926 Cross-Site Scripting (XSS) in CVE-2021-47926 (CVE-2021-47926)
CVE-2021-47927 Cross-Site Scripting (XSS) in wordpress (CVE-2021-47927)
CVE-2021-47907 Cross-Site Scripting (XSS) in CVE-2021-47907 (CVE-2021-47907)
CVE-2021-47910 Cross-Site Scripting (XSS) in CVE-2021-47910 (CVE-2021-47910)
CVE-2026-6735 Cross-Site Scripting (XSS) in libphp (CVE-2026-6735)
CVE-2026-8219 Cross-Site Scripting (XSS) in CVE-2026-8219 (CVE-2026-8219)
CVE-2026-8218 Cross-Site Scripting (XSS) in CVE-2026-8218 (CVE-2026-8218)
CVE-2026-8221 Cross-Site Scripting (XSS) in CVE-2026-8221 (CVE-2026-8221)
CVE-2026-8220 Cross-Site Scripting (XSS) in CVE-2026-8220 (CVE-2026-8220)
CVE-2026-8195 Cross-Site Scripting (XSS) in CVE-2026-8195 (CVE-2026-8195)
CVE-2026-20108 Cross-Site Scripting (XSS) in Cisco catalyst-sd-wan-manager (CVE-2026-20108)
CVE-2026-20132 Cross-Site Scripting (XSS) in Cisco identity-services-engine (CVE-2026-20132)
CVE-2026-42455 Cross-Site Scripting (XSS) in CVE-2026-42455 (CVE-2026-42455)
CVE-2026-44897 Cross-Site Scripting (XSS) in mistune (CVE-2026-44897)
CVE-2026-44896 Cross-Site Scripting (XSS) in mistune (CVE-2026-44896)
CVE-2026-44708 Cross-Site Scripting (XSS) in mistune (CVE-2026-44708)
CVE-2026-42556 Cross-Site Scripting (XSS) in gitroom (CVE-2026-42556)
CVE-2026-42451 Cross-Site Scripting (XSS) in CVE-2026-42451 (CVE-2026-42451)
CVE-2026-42224 Cross-Site Scripting (XSS) in ipl/web (CVE-2026-42224)
CVE-2026-44549 Cross-Site Scripting (XSS) in open-webui (CVE-2026-44549)
CVE-2026-44831 Cross-Site Scripting (XSS) in snipe/snipe-it (CVE-2026-44831)
CVE-2026-44568 Cross-Site Scripting (XSS) in open-webui (CVE-2026-44568)
CVE-2026-42192 Cross-Site Scripting (XSS) in react (CVE-2026-42192)
CVE-2026-44737 Cross-Site Scripting (XSS) in getgrav/grav (CVE-2026-44737)
CVE-2026-44588 Vulnerability in github.com/siyuan-note/siyuan/kernel (CVE-2026-44588)
CVE-2026-44721 Cross-Site Scripting (XSS) in open-webui (CVE-2026-44721)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →