Cwe 79

🧬 CWE Related 66
slug: cwe-79

Explanation

CWE-79は「Webアプリがユーザー入力をきちんと無害化せずに画面に出力してしまう欠陥」のことです。 結果として、攻撃者はWebページに悪意あるJavaScriptを埋め込めるようになり、見た人のCookie (ログイン情報) や入力情報を盗めるようになります。 対策はWebの基本中の基本: 出力時のHTMLエスケープです。
📌 Example
MySpace ワーム「Samy」 (2005): 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,521

ID Title
CVE-2026-44429 Vulnerability in github.com/modelcontextprotocol/registry (CVE-2026-44429)
CVE-2026-44212 Cross-Site Scripting (XSS) in prestashop/prestashop (CVE-2026-44212)
CVE-2026-44670 Vulnerability in github.com/siyuan-note/siyuan/kernel (CVE-2026-44670)
CVE-2026-41886 Vulnerability in locize (CVE-2026-41886)
CVE-2026-42794 Cross-Site Scripting (XSS) in absinthe_plug (CVE-2026-42794)
CVE-2026-41591 Cross-Site Scripting (XSS) in marko (CVE-2026-41591)
CVE-2026-41683 Vulnerability in i18next-http-middleware (CVE-2026-41683)
CVE-2026-41524 Cross-Site Scripting (XSS) in laravel (CVE-2026-41524)
CVE-2026-41575 Cross-Site Scripting (XSS) in th30d4y (CVE-2026-41575)
CVE-2026-41576 Cross-Site Scripting (XSS) in CVE-2026-41576 (CVE-2026-41576)
CVE-2026-7475 Cross-Site Scripting (XSS) in wordpress (CVE-2026-7475)
CVE-2026-7650 Cross-Site Scripting (XSS) in wordpress (CVE-2026-7650)
CVE-2026-5341 Cross-Site Scripting (XSS) in wordpress (CVE-2026-5341)
CVE-2026-7330 Cross-Site Scripting (XSS) in wordpress (CVE-2026-7330)
CVE-2024-33724 Cross-Site Scripting (XSS) in CVE-2024-33724 (CVE-2024-33724)
CVE-2023-42343 Cross-Site Scripting (XSS) in CVE-2023-42343 (CVE-2023-42343)
CVE-2023-42345 Cross-Site Scripting (XSS) in CVE-2023-42345 (CVE-2023-42345)
CVE-2022-23961 Cross-Site Scripting (XSS) in CVE-2022-23961 (CVE-2022-23961)
CVE-2026-8136 Cross-Site Scripting (XSS) in CVE-2026-8136 (CVE-2026-8136)
CVE-2026-42150 Cross-Site Scripting (XSS) in wlc (CVE-2026-42150)
CVE-2026-8117 Cross-Site Scripting (XSS) in CVE-2026-8117 (CVE-2026-8117)
CVE-2026-8106 Cross-Site Scripting (XSS) in github (CVE-2026-8106)
CVE-2026-41929 Cross-Site Scripting (XSS) in CVE-2026-41929 (CVE-2026-41929)
CVE-2026-32207 Cross-Site Scripting (XSS) in microsoft (CVE-2026-32207)
CVE-2026-44742 Cross-Site Scripting (XSS) in postorius (CVE-2026-44742)
CVE-2026-41692 Cross-Site Scripting (XSS) in i18nextify (CVE-2026-41692)
CVE-2026-39823 Cross-Site Scripting (XSS) in golang (CVE-2026-39823)
CVE-2026-36388 Cross-Site Scripting (XSS) in CVE-2026-36388 (CVE-2026-36388)
CVE-2025-67202 Cross-Site Scripting (XSS) in sidekiq-cron (CVE-2025-67202)
CVE-2026-8080 Cross-Site Scripting (XSS) in misp (CVE-2026-8080)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →