Cwe 79

🧬 CWE Related 66
slug: cwe-79

Explanation

CWE-79は「Webアプリがユーザー入力をきちんと無害化せずに画面に出力してしまう欠陥」のことです。 結果として、攻撃者はWebページに悪意あるJavaScriptを埋め込めるようになり、見た人のCookie (ログイン情報) や入力情報を盗めるようになります。 対策はWebの基本中の基本: 出力時のHTMLエスケープです。
📌 Example
MySpace ワーム「Samy」 (2005): 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,521

ID Title
CVE-2026-33331 Cross-Site Scripting (XSS) in orpc (CVE-2026-33331)
CVE-2026-32851 Cross-Site Scripting (XSS) in mailenable (CVE-2026-32851)
CVE-2025-52204 Cross-Site Scripting (XSS) in CVE-2025-52204 (CVE-2025-52204)
CVE-2025-63260 Cross-Site Scripting (XSS) in syncfusion (CVE-2025-63260)
CVE-2026-22895 Cross-Site Scripting (XSS) in qnap (CVE-2026-22895)
CVE-2026-30695 Cross-Site Scripting (XSS) in CVE-2026-30695 (CVE-2026-30695)
CVE-2026-31938 Cross-Site Scripting (XSS) in parall (CVE-2026-31938)
CVE-2025-66376 KEV [KEV] Cross-Site Scripting (XSS) in Synacor zimbra-collaboration-suite-zcs (CVE-2025-66376)
CVE-2025-62320 Cross-Site Scripting (XSS) in hcltech (CVE-2025-62320)
CVE-2025-2274 Cross-Site Scripting (XSS) in forcepoint (CVE-2025-2274)
CVE-2016-20032 Cross-Site Scripting (XSS) in CVE-2016-20032 (CVE-2016-20032)
CVE-2016-20027 Cross-Site Scripting (XSS) in CVE-2016-20027 (CVE-2016-20027)
CVE-2025-13702 Cross-Site Scripting (XSS) in ibm (CVE-2025-13702)
CVE-2026-20117 Cross-Site Scripting (XSS) in express (CVE-2026-20117)
CVE-2025-13902 Cross-Site Scripting (XSS) in schneider-electric (CVE-2025-13902)
CVE-2025-70060 Cross-Site Scripting (XSS) in ymfe (CVE-2025-70060)
CVE-2025-11950 Cross-Site Scripting (XSS) in eduasist (CVE-2025-11950)
CVE-2026-24351 Cross-Site Scripting (XSS) in pluxml (CVE-2026-24351)
CVE-2026-24350 Cross-Site Scripting (XSS) in pluxml (CVE-2026-24350)
CVE-2025-14343 Cross-Site Scripting (XSS) in CVE-2025-14343 (CVE-2025-14343)
CVE-2026-27970 Cross-Site Scripting (XSS) in angular (CVE-2026-27970)
CVE-2026-27148 Vulnerability in storybook (CVE-2026-27148)
CVE-2026-26351 Cross-Site Scripting (XSS) in getsimple-ce (CVE-2026-26351)
CVE-2026-25896 Vulnerability in c (CVE-2026-25896)
CVE-2026-2472 Cross-Site Scripting (XSS) in CVE-2026-2472 (CVE-2026-2472)
CVE-2025-68461 KEV [KEV] Cross-Site Scripting (XSS) in Roundcube webmail (CVE-2025-68461)
CVE-2025-8308 Cross-Site Scripting (XSS) in CVE-2025-8308 (CVE-2025-8308)
CVE-2025-8303 Cross-Site Scripting (XSS) in CVE-2025-8303 (CVE-2025-8303)
CVE-2025-13002 Cross-Site Scripting (XSS) in farktor (CVE-2025-13002)
CVE-2025-8668 Cross-Site Scripting (XSS) in CVE-2025-8668 (CVE-2025-8668)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →