Cwe 79

🧬 CWE Related 66
slug: cwe-79

Explanation

CWE-79は「Webアプリがユーザー入力をきちんと無害化せずに画面に出力してしまう欠陥」のことです。 結果として、攻撃者はWebページに悪意あるJavaScriptを埋め込めるようになり、見た人のCookie (ログイン情報) や入力情報を盗めるようになります。 対策はWebの基本中の基本: 出力時のHTMLエスケープです。
📌 Example
MySpace ワーム「Samy」 (2005): 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,521

ID Title
CVE-2016-3048 Cross-Site Scripting (XSS) in ibm (CVE-2016-3048)
CVE-2017-1147 Cross-Site Scripting (XSS) in ibm (CVE-2017-1147)
CVE-2017-1290 Cross-Site Scripting (XSS) in ibm (CVE-2017-1290)
CVE-2017-1552 Cross-Site Scripting (XSS) in ibm (CVE-2017-1552)
CVE-2017-1553 Cross-Site Scripting (XSS) in ibm (CVE-2017-1553)
CVE-2017-1554 Cross-Site Scripting (XSS) in ibm (CVE-2017-1554)
CVE-2017-1001001 Cross-Site Scripting (XSS) in pluxml (CVE-2017-1001001)
CVE-2017-14752 Cross-Site Scripting (XSS) in mahara (CVE-2017-14752)
CVE-2017-15273 Cross-Site Scripting (XSS) in mahara (CVE-2017-15273)
CVE-2017-14357 Cross-Site Scripting (XSS) in express (CVE-2017-14357)
CVE-2017-3933 Cross-Site Scripting (XSS) in mcafee (CVE-2017-3933)
CVE-2016-10699 Cross-Site Scripting (XSS) in dlink (CVE-2016-10699)
CVE-2017-14373 Cross-Site Scripting (XSS) in emc (CVE-2017-14373)
CVE-2012-5636 Cross-Site Scripting (XSS) in apache (CVE-2012-5636)
CVE-2017-16230 Cross-Site Scripting (XSS) in typecho (CVE-2017-16230)
CVE-2017-15888 Cross-Site Scripting (XSS) in synology (CVE-2017-15888)
CVE-2009-1198 Cross-Site Scripting (XSS) in apache (CVE-2009-1198)
CVE-2017-12460 Cross-Site Scripting (XSS) in barco (CVE-2017-12460)
CVE-2017-15947 Cross-Site Scripting (XSS) in aspsource (CVE-2017-15947)
CVE-2017-15948 Cross-Site Scripting (XSS) in grabaperch (CVE-2017-15948)
CVE-2017-15934 Cross-Site Scripting (XSS) in artica (CVE-2017-15934)
CVE-2017-15936 Cross-Site Scripting (XSS) in artica (CVE-2017-15936)
CVE-2017-7733 Cross-Site Scripting (XSS) in fortinet (CVE-2017-7733)
CVE-2017-5085 Cross-Site Scripting (XSS) in google (CVE-2017-5085)
CVE-2017-5069 Cross-Site Scripting (XSS) in google (CVE-2017-5069)
CVE-2017-1521 Cross-Site Scripting (XSS) in ibm (CVE-2017-1521)
CVE-2012-4377 Cross-Site Scripting (XSS) in mediawiki (CVE-2012-4377)
CVE-2012-4378 Cross-Site Scripting (XSS) in mediawiki (CVE-2012-4378)
CVE-2017-12158 Vulnerability in redhat (CVE-2017-12158)
CVE-2017-15911 Cross-Site Scripting (XSS) in csrf (CVE-2017-15911)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →