Cwe 79

🧬 CWE Related 66
slug: cwe-79

Explanation

CWE-79は「Webアプリがユーザー入力をきちんと無害化せずに画面に出力してしまう欠陥」のことです。 結果として、攻撃者はWebページに悪意あるJavaScriptを埋め込めるようになり、見た人のCookie (ログイン情報) や入力情報を盗めるようになります。 対策はWebの基本中の基本: 出力時のHTMLエスケープです。
📌 Example
MySpace ワーム「Samy」 (2005): 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,521

ID Title
CVE-2017-12131 Cross-Site Scripting (XSS) in wordpress (CVE-2017-12131)
CVE-2017-11727 Cross-Site Scripting (XSS) in rails (CVE-2017-11727)
CVE-2016-9715 Cross-Site Scripting (XSS) in ibm (CVE-2016-9715)
CVE-2016-9718 Cross-Site Scripting (XSS) in ibm (CVE-2016-9718)
CVE-2017-1303 Cross-Site Scripting (XSS) in ibm (CVE-2017-1303)
CVE-2017-1332 Cross-Site Scripting (XSS) in ibm (CVE-2017-1332)
CVE-2017-1496 Cross-Site Scripting (XSS) in ibm (CVE-2017-1496)
CVE-2017-11744 Cross-Site Scripting (XSS) in modx (CVE-2017-11744)
CVE-2017-11737 Cross-Site Scripting (XSS) in rspamd-project (CVE-2017-11737)
CVE-2017-11647 Cross-Site Scripting (XSS) in netcomm (CVE-2017-11647)
CVE-2017-11716 MetInfo through 5.3.17 allows stored XSS via HTML Edit Mode.
CVE-2017-11677 Cross-Site Scripting (XSS) in hashtopus-project (CVE-2017-11677)
CVE-2017-11682 Cross-Site Scripting (XSS) in hashtopolis (CVE-2017-11682)
CVE-2017-11685 Cross-Site Scripting (XSS) in zohocorp (CVE-2017-11685)
CVE-2017-11686 Cross-Site Scripting (XSS) in zohocorp (CVE-2017-11686)
CVE-2017-11687 Cross-Site Scripting (XSS) in zohocorp (CVE-2017-11687)
CVE-2017-11691 Cross-Site Scripting (XSS) in cacti (CVE-2017-11691)
CVE-2017-11666 Cross-Site Scripting (XSS) in kopano (CVE-2017-11666)
CVE-2017-11612 Cross-Site Scripting (XSS) in joomla (CVE-2017-11612)
CVE-2017-11629 Cross-Site Scripting (XSS) in c (CVE-2017-11629)
CVE-2017-11651 NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url tag.
CVE-2016-6133 Cross-Site Scripting (XSS) in ektron (CVE-2016-6133)
CVE-2017-6749 Cross-Site Scripting (XSS) in cisco (CVE-2017-6749)
CVE-2017-6755 Cross-Site Scripting (XSS) in cisco (CVE-2017-6755)
CVE-2017-11458 Cross-Site Scripting (XSS) in sap (CVE-2017-11458)
CVE-2017-11460 Cross-Site Scripting (XSS) in sap (CVE-2017-11460)
CVE-2015-0674 Cross-Site Scripting (XSS) in cisco (CVE-2015-0674)
CVE-2015-5594 Cross-Site Scripting (XSS) in zenphoto (CVE-2015-5594)
CVE-2017-11617 Cross-Site Scripting (XSS) in atmail (CVE-2017-11617)
CVE-2016-6118 Cross-Site Scripting (XSS) in ibm (CVE-2016-6118)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →