Cwe 79

🧬 CWE Related 66
slug: cwe-79

Explanation

CWE-79は「Webアプリがユーザー入力をきちんと無害化せずに画面に出力してしまう欠陥」のことです。 結果として、攻撃者はWebページに悪意あるJavaScriptを埋め込めるようになり、見た人のCookie (ログイン情報) や入力情報を盗めるようになります。 対策はWebの基本中の基本: 出力時のHTMLエスケープです。
📌 Example
MySpace ワーム「Samy」 (2005): 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,521

ID Title
CVE-2017-17953 PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php chid1 parameter.
CVE-2017-17954 PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the seller-view.php usid parameter.
CVE-2017-17955 PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the shopping-cart.php cusid parameter.
CVE-2017-17956 Cross-Site Scripting (XSS) in php-multivendor-ecommerce-project (CVE-2017-17956)
CVE-2017-17958 PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the my_wishlist.php fid parameter.
CVE-2017-15892 Cross-Site Scripting (XSS) in synology (CVE-2017-15892)
CVE-2017-17937 Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search.
CVE-2017-17938 PHP Scripts Mall Single Theater Booking has XSS via the admin/viewtheatre.php theatreid parameter.
CVE-2017-17940 PHP Scripts Mall Single Theater Booking has XSS via the title parameter to admin/sitesettings.php.
CVE-2015-7324 Cross-Site Scripting (XSS) in stackideas (CVE-2015-7324)
CVE-2015-7666 Cross-Site Scripting (XSS) in wordpress (CVE-2015-7666)
CVE-2015-7667 Cross-Site Scripting (XSS) in wordpress (CVE-2015-7667)
CVE-2015-7668 Cross-Site Scripting (XSS) in wordpress (CVE-2015-7668)
CVE-2017-16768 Cross-Site Scripting (XSS) in synology (CVE-2017-16768)
CVE-2017-17904 Cross-Site Scripting (XSS) in fortunescripts (CVE-2017-17904)
CVE-2017-17907 Cross-Site Scripting (XSS) in car-rental-script-project (CVE-2017-17907)
CVE-2017-17909 PHP Scripts Mall Responsive Realestate Script has XSS via the admin/general.php gplus parameter.
CVE-2017-17911 Cross-Site Scripting (XSS) in archon (CVE-2017-17911)
CVE-2017-17925 Cross-Site Scripting (XSS) in ordermanagementscript (CVE-2017-17925)
CVE-2017-17929 PHP Scripts Mall Professional Service Script has XSS via the admin/bannerview.php view parameter.
CVE-2017-17893 Cross-Site Scripting (XSS) in readymade-video-sharing-script-project (CVE-2017-17893)
CVE-2017-17896 Readymade Job Site Script has XSS via the keyword parameter to the /job URI.
CVE-2017-17859 Cross-Site Scripting (XSS) in samsung (CVE-2017-17859)
CVE-2017-17868 Cross-Site Scripting (XSS) in liferay (CVE-2017-17868)
CVE-2017-17869 The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter.
CVE-2017-17832 Cross-Site Scripting (XSS) in serverscheck (CVE-2017-17832)
CVE-2017-1365 Cross-Site Scripting (XSS) in ibm (CVE-2017-1365)
CVE-2017-15312 Cross-Site Scripting (XSS) in huawei (CVE-2017-15312)
CVE-2017-14363 Cross-Site Scripting (XSS) in microfocus (CVE-2017-14363)
CVE-2017-17828 Cross-Site Scripting (XSS) in doditsolutions (CVE-2017-17828)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →