Cwe 79

🧬 CWE Related 66
slug: cwe-79

Explanation

CWE-79は「Webアプリがユーザー入力をきちんと無害化せずに画面に出力してしまう欠陥」のことです。 結果として、攻撃者はWebページに悪意あるJavaScriptを埋め込めるようになり、見た人のCookie (ログイン情報) や入力情報を盗めるようになります。 対策はWebの基本中の基本: 出力時のHTMLエスケープです。
📌 Example
MySpace ワーム「Samy」 (2005): 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,521

ID Title
CVE-2025-25925 Cross-Site Scripting (XSS) in openmrs (CVE-2025-25925)
CVE-2025-0877 Cross-Site Scripting (XSS) in CVE-2025-0877 (CVE-2025-0877)
CVE-2025-26984 Cross-Site Scripting (XSS) in cozyvision (CVE-2025-26984)
CVE-2025-25823 Cross-Site Scripting (XSS) in emlog (CVE-2025-25823)
CVE-2025-25818 Cross-Site Scripting (XSS) in emlog (CVE-2025-25818)
CVE-2025-25825 Cross-Site Scripting (XSS) in emlog (CVE-2025-25825)
CVE-2023-34192 KEV [KEV] Cross-Site Scripting (XSS) in Synacor zimbra-collaboration-suite-zcs (CVE-2023-34192)
CVE-2025-0545 Cross-Site Scripting (XSS) in CVE-2025-0545 (CVE-2025-0545)
CVE-2024-11831 Cross-Site Scripting (XSS) in CVE-2024-11831 (CVE-2024-11831)
CVE-2024-48417 Cross-Site Scripting (XSS) in edimax (CVE-2024-48417)
CVE-2024-57041 Cross-Site Scripting (XSS) in nodebb (CVE-2024-57041)
CVE-2024-10539 Cross-Site Scripting (XSS) in CVE-2024-10539 (CVE-2024-10539)
CVE-2020-11023 KEV [KEV] Cross-Site Scripting (XSS) in jquery (CVE-2020-11023)
CVE-2024-55488 Cross-Site Scripting (XSS) in umbraco (CVE-2024-55488)
CVE-2024-57370 Cross-Site Scripting (XSS) in CVE-2024-57370 (CVE-2024-57370)
CVE-2024-54998 Cross-Site Scripting (XSS) in monicahq (CVE-2024-54998)
CVE-2024-54994 Cross-Site Scripting (XSS) in monicahq (CVE-2024-54994)
CVE-2024-54996 Cross-Site Scripting (XSS) in monicahq (CVE-2024-54996)
CVE-2024-50659 Cross-Site Scripting (XSS) in ipublishmedia (CVE-2024-50659)
CVE-2024-51112 Cross-Site Scripting (XSS) in pnetlab (CVE-2024-51112)
CVE-2024-51111 Cross-Site Scripting (XSS) in pnetlab (CVE-2024-51111)
CVE-2024-48197 Cross-Site Scripting (XSS) in CVE-2024-48197 (CVE-2024-48197)
CVE-2024-37776 Cross-Site Scripting (XSS) in sunbirddcim (CVE-2024-37776)
CVE-2024-53481 Cross-Site Scripting (XSS) in phpgurukul (CVE-2024-53481)
CVE-2024-11321 Cross-Site Scripting (XSS) in CVE-2024-11321 (CVE-2024-11321)
CVE-2024-53365 Cross-Site Scripting (XSS) in phpgurukul (CVE-2024-53365)
CVE-2024-7130 Cross-Site Scripting (XSS) in CVE-2024-7130 (CVE-2024-7130)
CVE-2024-7016 Cross-Site Scripting (XSS) in smarttek (CVE-2024-7016)
CVE-2024-44309 KEV [KEV] Cross-Site Scripting (XSS) in Apple multiple-products (CVE-2024-44309)
CVE-2024-11406 Cross-Site Scripting (XSS) in djangocms-attributes-field (CVE-2024-11406)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →