Cwe 79

🧬 CWE Related 66
slug: cwe-79

Explanation

CWE-79は「Webアプリがユーザー入力をきちんと無害化せずに画面に出力してしまう欠陥」のことです。 結果として、攻撃者はWebページに悪意あるJavaScriptを埋め込めるようになり、見た人のCookie (ログイン情報) や入力情報を盗めるようになります。 対策はWebの基本中の基本: 出力時のHTMLエスケープです。
📌 Example
MySpace ワーム「Samy」 (2005): 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,521

ID Title
CVE-2017-14621 Portus 2.2.0 has XSS via the Team field, related to typeahead.
CVE-2017-14618 Cross-Site Scripting (XSS) in phpmyfaq (CVE-2017-14618)
CVE-2017-14619 Cross-Site Scripting (XSS) in phpmyfaq (CVE-2017-14619)
CVE-2017-14615 Cross-Site Scripting (XSS) in watchguard (CVE-2017-14615)
CVE-2015-7347 Cross-site scripting (XSS) vulnerability in ZCMS JavaServer Pages Content Management System 1.1.
CVE-2014-9758 Cross-site scripting (XSS) vulnerability in Magento E-Commerce Platform 1.9.0.1.
CVE-2015-1866 Cross-site scripting (XSS) vulnerability in Ember.js 1.10.x before 1.10.1 and 1.11.x before 1.11.2.
CVE-2015-4707 Cross-Site Scripting (XSS) in ipython (CVE-2015-4707)
CVE-2015-4072 Cross-Site Scripting (XSS) in helpdesk-pro-project (CVE-2015-4072)
CVE-2017-14142 Cross-Site Scripting (XSS) in kaltura (CVE-2017-14142)
CVE-2014-6191 Cross-Site Scripting (XSS) in ibm (CVE-2014-6191)
CVE-2015-1864 Cross-Site Scripting (XSS) in kallithea (CVE-2015-1864)
CVE-2015-3299 Cross-Site Scripting (XSS) in wordpress (CVE-2015-3299)
CVE-2015-3432 Cross-Site Scripting (XSS) in pydio (CVE-2015-3432)
CVE-2017-14597 Cross-Site Scripting (XSS) in afterlogic (CVE-2017-14597)
CVE-2017-12156 Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback.
CVE-2017-14534 Cross-Site Scripting (XSS) in nexusphp-project (CVE-2017-14534)
CVE-2017-14510 Cross-Site Scripting (XSS) in sugarcrm (CVE-2017-14510)
CVE-2017-14498 Cross-Site Scripting (XSS) in silverstripe (CVE-2017-14498)
CVE-2017-4926 Cross-Site Scripting (XSS) in vmware (CVE-2017-4926)
CVE-2017-1002011 Cross-Site Scripting (XSS) in wordpress (CVE-2017-1002011)
CVE-2017-1002017 Cross-Site Scripting (XSS) in wordpress (CVE-2017-1002017)
CVE-2017-14413 Cross-Site Scripting (XSS) in dlink (CVE-2017-14413)
CVE-2017-14414 Cross-Site Scripting (XSS) in dlink (CVE-2017-14414)
CVE-2017-14415 Cross-Site Scripting (XSS) in dlink (CVE-2017-14415)
CVE-2017-14416 Cross-Site Scripting (XSS) in dlink (CVE-2017-14416)
CVE-2017-3165 Cross-Site Scripting (XSS) in apache (CVE-2017-3165)
CVE-2017-13724 Cross-Site Scripting (XSS) in axesstel (CVE-2017-13724)
CVE-2017-8758 Cross-Site Scripting (XSS) in microsoft (CVE-2017-8758)
CVE-2017-8745 Cross-Site Scripting (XSS) in microsoft (CVE-2017-8745)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →