Cwe 79

🧬 CWE Related 66
slug: cwe-79

Explanation

CWE-79は「Webアプリがユーザー入力をきちんと無害化せずに画面に出力してしまう欠陥」のことです。 結果として、攻撃者はWebページに悪意あるJavaScriptを埋め込めるようになり、見た人のCookie (ログイン情報) や入力情報を盗めるようになります。 対策はWebの基本中の基本: 出力時のHTMLエスケープです。
📌 Example
MySpace ワーム「Samy」 (2005): 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,507

ID Title
CVE-2026-10089 Cross-Site Scripting (XSS) in wordpress (CVE-2026-10089)
CVE-2026-55790 Cross-Site Scripting (XSS) in craftcms/cms (CVE-2026-55790)
CVE-2026-55793 Cross-Site Scripting (XSS) in craftcms/cms (CVE-2026-55793)
CVE-2026-54263 Cross-Site Scripting (XSS) in django (CVE-2026-54263)
CVE-2026-14358 Cross-Site Scripting (XSS) in CVE-2026-14358 (CVE-2026-14358)
CVE-2026-58263 Cross-Site Scripting (XSS) in CVE-2026-58263 (CVE-2026-58263)
CVE-2026-54720 Cross-Site Scripting (XSS) in CVE-2026-54720 (CVE-2026-54720)
CVE-2026-57737 Cross-Site Scripting (XSS) in CVE-2026-57737 (CVE-2026-57737)
CVE-2026-57722 Cross-Site Scripting (XSS) in CVE-2026-57722 (CVE-2026-57722)
CVE-2026-34096 Cross-Site Scripting (XSS) in CVE-2026-34096 (CVE-2026-34096)
CVE-2026-34097 Cross-Site Scripting (XSS) in CVE-2026-34097 (CVE-2026-34097)
CVE-2026-34098 Cross-Site Scripting (XSS) in CVE-2026-34098 (CVE-2026-34098)
CVE-2026-58030 Cross-Site Scripting (XSS) in CVE-2026-58030 (CVE-2026-58030)
CVE-2026-58037 Cross-Site Scripting (XSS) in CVE-2026-58037 (CVE-2026-58037)
CVE-2026-58038 Cross-Site Scripting (XSS) in CVE-2026-58038 (CVE-2026-58038)
CVE-2026-58028 Cross-Site Scripting (XSS) in CVE-2026-58028 (CVE-2026-58028)
CVE-2026-58032 Cross-Site Scripting (XSS) in CVE-2026-58032 (CVE-2026-58032)
CVE-2026-58034 Cross-Site Scripting (XSS) in vue (CVE-2026-58034)
CVE-2026-58035 Cross-Site Scripting (XSS) in vue (CVE-2026-58035)
CVE-2026-5220 Cross-Site Scripting (XSS) in CVE-2026-5220 (CVE-2026-5220)
CVE-2026-58031 Cross-Site Scripting (XSS) in CVE-2026-58031 (CVE-2026-58031)
CVE-2026-6283 Cross-Site Scripting (XSS) in CVE-2026-6283 (CVE-2026-6283)
CVE-2026-53907 Cross-Site Scripting (XSS) in mycomplianceoffice (CVE-2026-53907)
CVE-2026-12142 Cross-Site Scripting (XSS) in wordpress (CVE-2026-12142)
CVE-2026-13323 Cross-Site Scripting (XSS) in eclipse (CVE-2026-13323)
CVE-2026-10095 Cross-Site Scripting (XSS) in wordpress (CVE-2026-10095)
CVE-2026-12754 Cross-Site Scripting (XSS) in wordpress (CVE-2026-12754)
CVE-2026-12732 Cross-Site Scripting (XSS) in wordpress (CVE-2026-12732)
CVE-2026-13733 Cross-Site Scripting (XSS) in c (CVE-2026-13733)
CVE-2026-13731 Cross-Site Scripting (XSS) in wordpress (CVE-2026-13731)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →