Cwe 79

🧬 CWE Related 66
slug: cwe-79

Explanation

CWE-79は「Webアプリがユーザー入力をきちんと無害化せずに画面に出力してしまう欠陥」のことです。 結果として、攻撃者はWebページに悪意あるJavaScriptを埋め込めるようになり、見た人のCookie (ログイン情報) や入力情報を盗めるようになります。 対策はWebの基本中の基本: 出力時のHTMLエスケープです。
📌 Example
MySpace ワーム「Samy」 (2005): 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,521

ID Title
CVE-2024-13064 Cross-Site Scripting (XSS) in CVE-2024-13064 (CVE-2024-13064)
CVE-2024-12974 Cross-Site Scripting (XSS) in CVE-2024-12974 (CVE-2024-12974)
CVE-2024-12972 Cross-Site Scripting (XSS) in CVE-2024-12972 (CVE-2024-12972)
CVE-2025-55618 Cross-Site Scripting (XSS) in hyundai (CVE-2025-55618)
CVE-2025-55422 In FoxCMS 1.2.6, there is a reflected Cross Site Scripting (XSS) vulnerability in /index.php/plus.
CVE-2025-56432 Cross-Site Scripting (XSS) in nagios (CVE-2025-56432)
CVE-2025-55409 Cross-Site Scripting (XSS) in foxcms (CVE-2025-55409)
CVE-2025-51965 Cross-Site Scripting (XSS) in CVE-2025-51965 (CVE-2025-51965)
CVE-2025-52335 Cross-Site Scripting (XSS) in eyoucms (CVE-2025-52335)
CVE-2025-45313 Cross-Site Scripting (XSS) in hortusfox (CVE-2025-45313)
CVE-2025-45315 Cross-Site Scripting (XSS) in hortusfox (CVE-2025-45315)
CVE-2025-45314 Cross-Site Scripting (XSS) in hortusfox (CVE-2025-45314)
CVE-2025-51629 Cross-Site Scripting (XSS) in CVE-2025-51629 (CVE-2025-51629)
CVE-2024-52680 Cross-Site Scripting (XSS) in c (CVE-2024-52680)
CVE-2025-51053 Cross-Site Scripting (XSS) in vedo-suite-project (CVE-2025-51053)
CVE-2025-51624 Cross-site scripting (XSS) vulnerability in Zone Bitaqati thru 3.4.0.
CVE-2025-50592 Cross-Site Scripting (XSS) in seacms (CVE-2025-50592)
CVE-2012-10032 Cross-Site Scripting (XSS) in CVE-2012-10032 (CVE-2012-10032)
CVE-2025-51857 Cross-Site Scripting (XSS) in CVE-2025-51857 (CVE-2025-51857)
CVE-2025-50848 Cross-Site Scripting (XSS) in cs-cart (CVE-2025-50848)
CVE-2025-6060 Cross-Site Scripting (XSS) in CVE-2025-6060 (CVE-2025-6060)
CVE-2025-45960 Cross-Site Scripting (XSS) in tawk (CVE-2025-45960)
CVE-2025-5254 Cross-Site Scripting (XSS) in CVE-2025-5254 (CVE-2025-5254)
CVE-2025-4411 Cross-Site Scripting (XSS) in CVE-2025-4411 (CVE-2025-4411)
CVE-2025-4294 Cross-Site Scripting (XSS) in CVE-2025-4294 (CVE-2025-4294)
CVE-2025-4284 Cross-Site Scripting (XSS) in CVE-2025-4284 (CVE-2025-4284)
CVE-2025-50583 Cross-Site Scripting (XSS) in daycloud (CVE-2025-50583)
CVE-2025-50582 Cross-Site Scripting (XSS) in daycloud (CVE-2025-50582)
CVE-2025-50581 Cross-Site Scripting (XSS) in mrcms (CVE-2025-50581)
CVE-2025-50584 Cross-Site Scripting (XSS) in daycloud (CVE-2025-50584)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →