Cwe 79

🧬 CWE Related 66
slug: cwe-79

Explanation

CWE-79は「Webアプリがユーザー入力をきちんと無害化せずに画面に出力してしまう欠陥」のことです。 結果として、攻撃者はWebページに悪意あるJavaScriptを埋め込めるようになり、見た人のCookie (ログイン情報) や入力情報を盗めるようになります。 対策はWebの基本中の基本: 出力時のHTMLエスケープです。
📌 Example
MySpace ワーム「Samy」 (2005): 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,521

ID Title
CVE-2022-0900 Cross-Site Scripting (XSS) in netdatasoft (CVE-2022-0900)
CVE-2019-18426 KEV [KEV] Cross-Site Scripting (XSS) in Meta platforms meta-platforms (CVE-2019-18426)
CVE-2018-7795 Cross-Site Scripting (XSS) in schneider-electric (CVE-2018-7795)
CVE-2020-22985 Cross-Site Scripting (XSS) in microstrategy (CVE-2020-22985)
CVE-2020-22987 Cross-Site Scripting (XSS) in microstrategy (CVE-2020-22987)
CVE-2020-22986 Cross-Site Scripting (XSS) in microstrategy (CVE-2020-22986)
CVE-2020-22984 Cross-Site Scripting (XSS) in microstrategy (CVE-2020-22984)
CVE-2022-28077 Cross-Site Scripting (XSS) in home-owners-collection-management-system-project (CVE-2022-28077)
CVE-2022-28078 Cross-Site Scripting (XSS) in home-owners-collection-management-system-project (CVE-2022-28078)
CVE-2021-43712 Cross-Site Scripting (XSS) in employee-daily-task-management-system-project (CVE-2021-43712)
CVE-2021-31674 Cross-Site Scripting (XSS) in cyclos (CVE-2021-31674)
CVE-2021-31673 Cross-Site Scripting (XSS) in cyclos (CVE-2021-31673)
CVE-2022-28102 Cross-Site Scripting (XSS) in php-mysql-admin-panel-generator-project (CVE-2022-28102)
CVE-2022-26596 Cross-Site Scripting (XSS) in liferay (CVE-2022-26596)
CVE-2022-26597 Cross-Site Scripting (XSS) in liferay (CVE-2022-26597)
CVE-2022-28094 Cross-Site Scripting (XSS) in online-sports-complex-booking-system-project (CVE-2022-28094)
CVE-2022-29531 Cross-Site Scripting (XSS) in misp-project (CVE-2022-29531)
CVE-2022-29532 Cross-Site Scripting (XSS) in misp-project (CVE-2022-29532)
CVE-2022-29533 Cross-Site Scripting (XSS) in misp-project (CVE-2022-29533)
CVE-2022-29530 An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters.
CVE-2022-29529 An issue was discovered in MISP before 2.4.158. There is stored XSS via the LinOTP login field.
CVE-2022-26593 Cross-Site Scripting (XSS) in liferay (CVE-2022-26593)
CVE-2018-6882 KEV [KEV] Cross-Site Scripting (XSS) in Synacor zimbra-collaboration-suite-zcs (CVE-2018-6882)
CVE-2022-26594 Cross-Site Scripting (XSS) in liferay (CVE-2022-26594)
CVE-2019-3929 KEV [KEV] Cross-Site Scripting (XSS) in Crestron multiple-products (CVE-2019-3929)
CVE-2021-43432 Cross-Site Scripting (XSS) in exrick (CVE-2021-43432)
CVE-2021-42868 Cross-Site Scripting (XSS) in chikitsa (CVE-2021-42868)
CVE-2022-26644 Cross-Site Scripting (XSS) in oretnom23 (CVE-2022-26644)
CVE-2022-26244 Cross-Site Scripting (XSS) in hospitals-patient-records-management-system-project (CVE-2022-26244)
CVE-2022-26263 Cross-Site Scripting (XSS) in yonyou (CVE-2022-26263)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →