Cwe 79

🧬 CWE Related 66
slug: cwe-79

Explanation

CWE-79は「Webアプリがユーザー入力をきちんと無害化せずに画面に出力してしまう欠陥」のことです。 結果として、攻撃者はWebページに悪意あるJavaScriptを埋め込めるようになり、見た人のCookie (ログイン情報) や入力情報を盗めるようになります。 対策はWebの基本中の基本: 出力時のHTMLエスケープです。
📌 Example
MySpace ワーム「Samy」 (2005): 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,521

ID Title
CVE-2025-63892 Cross-Site Scripting (XSS) in remyandrade (CVE-2025-63892)
CVE-2025-64046 OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting (XSS) in /system/update-run.php.
CVE-2025-11962 Cross-Site Scripting (XSS) in CVE-2025-11962 (CVE-2025-11962)
CVE-2025-11960 Cross-Site Scripting (XSS) in CVE-2025-11960 (CVE-2025-11960)
CVE-2025-11956 Cross-Site Scripting (XSS) in CVE-2025-11956 (CVE-2025-11956)
CVE-2025-10955 Cross-Site Scripting (XSS) in CVE-2025-10955 (CVE-2025-10955)
CVE-2025-60837 Cross-Site Scripting (XSS) in mingsoft (CVE-2025-60837)
CVE-2025-56008 Cross-Site Scripting (XSS) in keenetic (CVE-2025-56008)
CVE-2025-10727 Cross-Site Scripting (XSS) in CVE-2025-10727 (CVE-2025-10727)
CVE-2025-10914 Cross-Site Scripting (XSS) in CVE-2025-10914 (CVE-2025-10914)
CVE-2025-10612 Cross-Site Scripting (XSS) in CVE-2025-10612 (CVE-2025-10612)
CVE-2025-56320 Cross-Site Scripting (XSS) in CVE-2025-56320 (CVE-2025-56320)
CVE-2025-34512 Cross-Site Scripting (XSS) in ilevia (CVE-2025-34512)
CVE-2025-31366 Cross-Site Scripting (XSS) in fortinet (CVE-2025-31366)
CVE-2025-60308 Cross-Site Scripting (XSS) in fabian (CVE-2025-60308)
CVE-2025-60378 Cross-Site Scripting (XSS) in fairsketch (CVE-2025-60378)
CVE-2025-11570 Cross-Site Scripting (XSS) in drupal (CVE-2025-11570)
CVE-2025-60304 Cross-Site Scripting (XSS) in fabian (CVE-2025-60304)
CVE-2025-60302 Cross-Site Scripting (XSS) in fabian (CVE-2025-60302)
CVE-2025-27915 KEV [KEV] Cross-Site Scripting (XSS) in Synacor zimbra-collaboration-suite-zcs (CVE-2025-27915)
CVE-2025-60967 Cross-Site Scripting (XSS) in endruntechnologies (CVE-2025-60967)
CVE-2025-60958 Cross-Site Scripting (XSS) in endruntechnologies (CVE-2025-60958)
CVE-2025-60961 Cross-Site Scripting (XSS) in endruntechnologies (CVE-2025-60961)
CVE-2025-0609 Cross-Site Scripting (XSS) in c (CVE-2025-0609)
CVE-2021-42193 Cross-Site Scripting (XSS) in nopcommerce (CVE-2021-42193)
CVE-2025-0876 Cross-Site Scripting (XSS) in CVE-2025-0876 (CVE-2025-0876)
CVE-2025-57393 Cross-Site Scripting (XSS) in CVE-2025-57393 (CVE-2025-57393)
CVE-2025-56200 Cross-Site Scripting (XSS) in validator-project (CVE-2025-56200)
CVE-2025-56807 Cross-Site Scripting (XSS) in fairsketch (CVE-2025-56807)
CVE-2025-6396 Cross-Site Scripting (XSS) in CVE-2025-6396 (CVE-2025-6396)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →