Cwe 79

🧬 CWE Related 66
slug: cwe-79

Explanation

CWE-79は「Webアプリがユーザー入力をきちんと無害化せずに画面に出力してしまう欠陥」のことです。 結果として、攻撃者はWebページに悪意あるJavaScriptを埋め込めるようになり、見た人のCookie (ログイン情報) や入力情報を盗めるようになります。 対策はWebの基本中の基本: 出力時のHTMLエスケープです。
📌 Example
MySpace ワーム「Samy」 (2005): 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,521

ID Title
CVE-2020-24085 Cross-Site Scripting (XSS) in misp-project (CVE-2020-24085)
CVE-2021-3184 Cross-Site Scripting (XSS) in misp-project (CVE-2021-3184)
CVE-2021-25325 Cross-Site Scripting (XSS) in misp-project (CVE-2021-25325)
CVE-2021-25324 Cross-Site Scripting (XSS) in misp-project (CVE-2021-25324)
CVE-2020-35262 Cross-Site Scripting (XSS) in digisol (CVE-2020-35262)
CVE-2020-25498 Cross-Site Scripting (XSS) in beetel (CVE-2020-25498)
CVE-2020-29231 Cross-Site Scripting (XSS) in egavilanmedia (CVE-2020-29231)
CVE-2020-29477 Cross-Site Scripting (XSS) in invisioncommunity (CVE-2020-29477)
CVE-2020-29230 Cross-Site Scripting (XSS) in egavilanmedia (CVE-2020-29230)
CVE-2020-29247 Cross-Site Scripting (XSS) in wondercms (CVE-2020-29247)
CVE-2020-35275 Cross-Site Scripting (XSS) in coastercms (CVE-2020-35275)
CVE-2020-35274 Cross-Site Scripting (XSS) in dotcms (CVE-2020-35274)
CVE-2020-28859 Cross-Site Scripting (XSS) in openasset (CVE-2020-28859)
CVE-2020-28857 Cross-Site Scripting (XSS) in openasset (CVE-2020-28857)
CVE-2020-29572 Cross-Site Scripting (XSS) in misp-project (CVE-2020-29572)
CVE-2020-28210 Cross-Site Scripting (XSS) in schneider-electric (CVE-2020-28210)
CVE-2020-28947 Cross-Site Scripting (XSS) in misp-project (CVE-2020-28947)
CVE-2020-21732 Cross-Site Scripting (XSS) in rukovoditel (CVE-2020-21732)
CVE-2020-21731 Cross-Site Scripting (XSS) in gazie-project (CVE-2020-21731)
CVE-2020-21733 Cross-Site Scripting (XSS) in sagemcom (CVE-2020-21733)
CVE-2020-24194 Cross-Site Scripting (XSS) in daily-tracker-system-project (CVE-2020-24194)
CVE-2020-23450 Cross-Site Scripting (XSS) in spiceworks (CVE-2020-23450)
CVE-2020-13153 Cross-Site Scripting (XSS) in misp-project (CVE-2020-13153)
CVE-2019-11814 Cross-Site Scripting (XSS) in misp-project (CVE-2019-11814)
CVE-2019-11813 Cross-Site Scripting (XSS) in misp-project (CVE-2019-11813)
CVE-2019-11812 Cross-Site Scripting (XSS) in misp-project (CVE-2019-11812)
CVE-2018-19953 KEV [KEV] Cross-Site Scripting (XSS) in Qnap network-attached-storage-nas (CVE-2018-19953)
CVE-2018-19943 KEV [KEV] Cross-Site Scripting (XSS) in Qnap network-attached-storage-nas (CVE-2018-19943)
CVE-2022-29005 Cross-Site Scripting (XSS) in phpgurukul (CVE-2022-29005)
CVE-2022-29004 Cross-Site Scripting (XSS) in phpgurukul (CVE-2022-29004)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →