Cwe 79

🧬 CWE Related 66
slug: cwe-79

Explanation

CWE-79は「Webアプリがユーザー入力をきちんと無害化せずに画面に出力してしまう欠陥」のことです。 結果として、攻撃者はWebページに悪意あるJavaScriptを埋め込めるようになり、見た人のCookie (ログイン情報) や入力情報を盗めるようになります。 対策はWebの基本中の基本: 出力時のHTMLエスケープです。
📌 Example
MySpace ワーム「Samy」 (2005): 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,521

ID Title
CVE-2017-16721 Cross-Site Scripting (XSS) in geovap (CVE-2017-16721)
CVE-2017-17057 Cross-Site Scripting (XSS) in zkteco (CVE-2017-17057)
CVE-2017-17096 Cross-Site Scripting (XSS) in wordpress (CVE-2017-17096)
CVE-2017-14516 Cross-Site Scripting (XSS) in sap (CVE-2017-14516)
CVE-2017-17092 Cross-Site Scripting (XSS) in wordpress (CVE-2017-17092)
CVE-2017-17093 Cross-Site Scripting (XSS) in wordpress (CVE-2017-17093)
CVE-2017-17094 Cross-Site Scripting (XSS) in wordpress (CVE-2017-17094)
CVE-2017-11285 Cross-Site Scripting (XSS) in adobe (CVE-2017-11285)
CVE-2017-3104 Cross-Site Scripting (XSS) in adobe (CVE-2017-3104)
CVE-2017-12356 Cross-Site Scripting (XSS) in cisco (CVE-2017-12356)
CVE-2017-12357 Cross-Site Scripting (XSS) in cisco (CVE-2017-12357)
CVE-2017-12358 Cross-Site Scripting (XSS) in cisco (CVE-2017-12358)
CVE-2017-12366 Cross-Site Scripting (XSS) in cisco (CVE-2017-12366)
CVE-2017-12343 Cross-Site Scripting (XSS) in cisco (CVE-2017-12343)
CVE-2017-12344 Cross-Site Scripting (XSS) in cisco (CVE-2017-12344)
CVE-2017-12345 Cross-Site Scripting (XSS) in cisco (CVE-2017-12345)
CVE-2017-12346 Cross-Site Scripting (XSS) in cisco (CVE-2017-12346)
CVE-2017-12347 Cross-Site Scripting (XSS) in cisco (CVE-2017-12347)
CVE-2017-12348 Cross-Site Scripting (XSS) in cisco (CVE-2017-12348)
CVE-2017-12349 Cross-Site Scripting (XSS) in cisco (CVE-2017-12349)
CVE-2017-14197 Cross-Site Scripting (XSS) in squiz (CVE-2017-14197)
CVE-2017-14186 Cross-Site Scripting (XSS) in fortinet (CVE-2017-14186)
CVE-2017-17059 Cross-Site Scripting (XSS) in wordpress (CVE-2017-17059)
CVE-2017-17043 Cross-Site Scripting (XSS) in wordpress (CVE-2017-17043)
CVE-2017-14379 Cross-Site Scripting (XSS) in emc (CVE-2017-14379)
CVE-2017-1461 Cross-Site Scripting (XSS) in ibm (CVE-2017-1461)
CVE-2017-1560 Cross-Site Scripting (XSS) in ibm (CVE-2017-1560)
CVE-2017-1593 Cross-Site Scripting (XSS) in ibm (CVE-2017-1593)
CVE-2017-1607 Cross-Site Scripting (XSS) in ibm (CVE-2017-1607)
CVE-2017-1650 Cross-Site Scripting (XSS) in ibm (CVE-2017-1650)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →