Cwe 79

🧬 CWE Liées 66
slug: cwe-79

Explication

CWE-79は「Webアプリがユーザー入力をきちんと無害化せずに画面に出力してしまう欠陥」のことです。 結果として、攻撃者はWebページに悪意あるJavaScriptを埋め込めるようになり、見た人のCookie (ログイン情報) や入力情報を盗めるようになります。 対策はWebの基本中の基本: 出力時のHTMLエスケープです。
📌 Exemple
MySpace ワーム「Samy」 (2005): 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した。

🔖 Étiquettes liées

🛡 Vulnérabilités associées 3,521

ID Titre
CVE-2026-48871 Unauthenticated Cross Site Scripting (XSS) in MW WP Form <= 5.1.3 versions.
CVE-2026-48876 Unauthenticated Cross Site Scripting (XSS) in Stop Spammers <= 2026.3 versions.
CVE-2026-48838 Unauthenticated Cross Site Scripting (XSS) in Post SMTP <= 3.6.2 versions.
CVE-2026-48870 Subscriber Cross Site Scripting (XSS) in King Addons for Elementor <= 51.1.62 versions.
CVE-2026-48867 Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.1.2 versions.
CVE-2026-48885 Unauthenticated Cross Site Scripting (XSS) in HollerBox <= 2.3.10.1 versions.
CVE-2026-45437 XSS (Cross-Site Scripting) dans CVE-2026-45437 (CVE-2026-45437)
CVE-2026-42775 Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.7.2 versions.
CVE-2026-42686 Subscriber Cross Site Scripting (XSS) in EventPrime <= 4.3.2.1 versions.
CVE-2026-42688 Subscriber Cross Site Scripting (XSS) in Modula Image Gallery <= 2.14.23 versions.
CVE-2026-42663 Unauthenticated Cross Site Scripting (XSS) in Simple Membership <= 4.7.2 versions.
CVE-2026-42650 Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.6.7 versions.
CVE-2026-42658 Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.3.8 versions.
CVE-2026-42656 Subscriber Cross Site Scripting (XSS) in Contest Gallery <= 28.1.6 versions.
CVE-2026-42649 Unauthenticated Cross Site Scripting (XSS) in Favicon Rotator <= 1.2.11 versions.
CVE-2026-40787 Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.0.0 versions.
CVE-2026-40770 Unauthenticated Cross Site Scripting (XSS) in Coupon Affiliates <= 7.5.3 versions.
CVE-2026-40791 Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Form <= 1.2.46 versions.
CVE-2026-41556 Subscriber Cross Site Scripting (XSS) in ProfilePress <= 4.16.13 versions.
CVE-2026-40732 Unauthenticated Cross Site Scripting (XSS) in Notification for Telegram <= 3.5 versions.
CVE-2026-39540 Subscriber Cross Site Scripting (XSS) in Shipment Tracker for Woocommerce <= 1.5.3.2 versions.
CVE-2026-39449 Unauthenticated Cross Site Scripting (XSS) in Contact Form to Any API <= 3.0.3 versions.
CVE-2026-39463 Unauthenticated Cross Site Scripting (XSS) in ManageWP Worker <= 4.9.31 versions.
CVE-2026-39491 Subscriber Cross Site Scripting (XSS) in JupiterX Core <= 4.14.1 versions.
CVE-2026-39447 Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.10.6 versions.
CVE-2026-39451 Unauthenticated Cross Site Scripting (XSS) in WP Google Review Slider <= 18.0 versions.
CVE-2026-39507 Unauthenticated Cross Site Scripting (XSS) in Social Slider Feed <= 2.3.2 versions.
CVE-2026-39514 Unauthenticated Cross Site Scripting (XSS) in Paid Member Subscriptions <= 2.17.3 versions.
CVE-2025-68872 XSS (Cross-Site Scripting) dans CVE-2025-68872 (CVE-2025-68872)
CVE-2025-68840 Unauthenticated Cross Site Scripting (XSS) in iRobots.txt SEO <= 1.1.2 versions.

🍪 À propos des cookies

Nous utilisons des cookies pour conserver votre session, mémoriser la langue et améliorer le service.

En savoir plus →