Cwe 79

🧬 CWE Liées 66
slug: cwe-79

Explication

CWE-79は「Webアプリがユーザー入力をきちんと無害化せずに画面に出力してしまう欠陥」のことです。 結果として、攻撃者はWebページに悪意あるJavaScriptを埋め込めるようになり、見た人のCookie (ログイン情報) や入力情報を盗めるようになります。 対策はWebの基本中の基本: 出力時のHTMLエスケープです。
📌 Exemple
MySpace ワーム「Samy」 (2005): 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した。

🔖 Étiquettes liées

🛡 Vulnérabilités associées 3,507

ID Titre
CVE-2026-56359 n8n before 2.8.0 contains a cross-site scripting vulnerability in the credential management flow...
CVE-2026-41122 Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0...
CVE-2026-56283 Capgo before 12.128.2 contains an html injection vulnerability in the organization settings...
CVE-2026-11903 Improper neutralization of input during web page generation ('cross-site scripting')...
CVE-2026-60092 AVideo (Meet plugin) through commit e8d6119f3cb1b849149906efeb0a41fc024f59f8 contains a stored...
CVE-2026-58657 Grav before 2.0.0 (affected through 2.0.0-rc.9 and the 2.0 branch) contains a stored CSS...
CVE-2026-8310 XSS (Cross-Site Scripting) dans CVE-2026-8310 (CVE-2026-8310)
CVE-2026-8315 XSS (Cross-Site Scripting) dans CVE-2026-8315 (CVE-2026-8315)
CVE-2026-6459 XSS (Cross-Site Scripting) dans wordpress (CVE-2026-6459)
CVE-2026-6820 XSS (Cross-Site Scripting) dans wordpress (CVE-2026-6820)
CVE-2026-6740 XSS (Cross-Site Scripting) dans wordpress (CVE-2026-6740)
CVE-2026-6818 XSS (Cross-Site Scripting) dans wordpress (CVE-2026-6818)
CVE-2026-6371 XSS (Cross-Site Scripting) dans CVE-2026-6371 (CVE-2026-6371)
CVE-2026-6742 XSS (Cross-Site Scripting) dans wordpress (CVE-2026-6742)
CVE-2025-14785 XSS (Cross-Site Scripting) dans wordpress (CVE-2025-14785)
CVE-2026-10570 XSS (Cross-Site Scripting) dans wordpress (CVE-2026-10570)
CVE-2026-11798 XSS (Cross-Site Scripting) dans wordpress (CVE-2026-11798)
CVE-2026-12041 XSS (Cross-Site Scripting) dans wordpress (CVE-2026-12041)
CVE-2026-36162 Vulnérabilité dans CVE-2026-36162 (CVE-2026-36162)
CVE-2026-55647 XSS (Cross-Site Scripting) dans vue (CVE-2026-55647)
CVE-2026-55592 XSS (Cross-Site Scripting) dans CVE-2026-55592 (CVE-2026-55592)
CVE-2026-48954 Improper validation leads to a generic XSS vector in the language override feature.
CVE-2026-48951 Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components.
CVE-2026-48950 Lack of escaping leads to an XSS vulnerability in the file management view of com_templates.
CVE-2026-48952 Lack of escaping leads to an XSS vulnerability in the update list view of com_installer.
CVE-2026-48949 Lack of validation leads to an XSS vulnerability in the MFA management views.
CVE-2026-48953 Lack of escaping leads to an XSS vulnerability in the generic image output layout.
CVE-2025-12799 XSS (Cross-Site Scripting) dans CVE-2025-12799 (CVE-2025-12799)
CVE-2026-12948 XSS (Cross-Site Scripting) dans CVE-2026-12948 (CVE-2026-12948)
CVE-2026-8309 XSS (Cross-Site Scripting) dans CVE-2026-8309 (CVE-2026-8309)

🍪 À propos des cookies

Nous utilisons des cookies pour conserver votre session, mémoriser la langue et améliorer le service.

En savoir plus →