Cwe 79

🧬 CWE Related 66
slug: cwe-79

Explanation

CWE-79は「Webアプリがユーザー入力をきちんと無害化せずに画面に出力してしまう欠陥」のことです。 結果として、攻撃者はWebページに悪意あるJavaScriptを埋め込めるようになり、見た人のCookie (ログイン情報) や入力情報を盗めるようになります。 対策はWebの基本中の基本: 出力時のHTMLエスケープです。
📌 Example
MySpace ワーム「Samy」 (2005): 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,521

ID Title
CVE-2016-8975 Cross-Site Scripting (XSS) in ibm (CVE-2016-8975)
CVE-2017-1245 Cross-Site Scripting (XSS) in ibm (CVE-2017-1245)
CVE-2017-1249 Cross-Site Scripting (XSS) in ibm (CVE-2017-1249)
CVE-2017-1380 Cross-Site Scripting (XSS) in ibm (CVE-2017-1380)
CVE-2017-10711 Cross-Site Scripting (XSS) in csrf (CVE-2017-10711)
CVE-2017-11593 Cross-Site Scripting (XSS) in ooso (CVE-2017-11593)
CVE-2017-11594 Cross-Site Scripting (XSS) in loomio (CVE-2017-11594)
CVE-2017-11581 Cross-Site Scripting (XSS) in finecms (CVE-2017-11581)
CVE-2017-2274 Cross-Site Scripting (XSS) in buffalo (CVE-2017-2274)
CVE-2017-1372 Cross-Site Scripting (XSS) in ibm (CVE-2017-1372)
CVE-2017-11516 Cross-Site Scripting (XSS) in yiiframework (CVE-2017-11516)
CVE-2015-3421 Cross-Site Scripting (XSS) in wordpress (CVE-2015-3421)
CVE-2017-9931 Cross-Site Scripting (XSS) in greenpacket (CVE-2017-9931)
CVE-2017-11503 Cross-Site Scripting (XSS) in phpmailer-project (CVE-2017-11503)
CVE-2017-0378 Cross-Site Scripting (XSS) in phamm (CVE-2017-0378)
CVE-2017-7059 Cross-Site Scripting (XSS) in apple (CVE-2017-7059)
CVE-2017-7038 Cross-Site Scripting (XSS) in apple (CVE-2017-7038)
CVE-2017-10676 Cross-Site Scripting (XSS) in d-link (CVE-2017-10676)
CVE-2017-1203 Cross-Site Scripting (XSS) in ibm (CVE-2017-1203)
CVE-2016-5394 Cross-Site Scripting (XSS) in apache (CVE-2016-5394)
CVE-2016-7509 Cross-Site Scripting (XSS) in glpi-project (CVE-2016-7509)
CVE-2017-9764 Cross-Site Scripting (XSS) in metinfo (CVE-2017-9764)
CVE-2017-10801 phpSocial (formerly phpDolphin) before 3.0.1 has XSS in the PATH_INFO to the search/tag/ URI.
CVE-2017-11439 In Sitecore 8.2, there is reflected XSS in the shell/Applications/Tools/Run Program parameter.
CVE-2017-11441 Cross-Site Scripting (XSS) in cpanel (CVE-2017-11441)
CVE-2017-5247 Cross-Site Scripting (XSS) in biscom (CVE-2017-5247)
CVE-2017-10962 REDCap before 7.5.1 has XSS via the query string.
CVE-2017-8896 Cross-Site Scripting (XSS) in owncloud (CVE-2017-8896)
CVE-2017-9338 Cross-Site Scripting (XSS) in owncloud (CVE-2017-9338)
CVE-2017-9609 Cross-Site Scripting (XSS) in blackcat-cms (CVE-2017-9609)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →