Cwe 79

🧬 CWE Liées 66
slug: cwe-79

Explication

CWE-79は「Webアプリがユーザー入力をきちんと無害化せずに画面に出力してしまう欠陥」のことです。 結果として、攻撃者はWebページに悪意あるJavaScriptを埋め込めるようになり、見た人のCookie (ログイン情報) や入力情報を盗めるようになります。 対策はWebの基本中の基本: 出力時のHTMLエスケープです。
📌 Exemple
MySpace ワーム「Samy」 (2005): 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した。

🔖 Étiquettes liées

🛡 Vulnérabilités associées 3,521

ID Titre
CVE-2017-17953 PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php chid1 parameter.
CVE-2017-17954 PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the seller-view.php usid parameter.
CVE-2017-17955 PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the shopping-cart.php cusid parameter.
CVE-2017-17956 XSS (Cross-Site Scripting) dans php-multivendor-ecommerce-project (CVE-2017-17956)
CVE-2017-17958 PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the my_wishlist.php fid parameter.
CVE-2017-15892 XSS (Cross-Site Scripting) dans synology (CVE-2017-15892)
CVE-2017-17937 Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search.
CVE-2017-17938 PHP Scripts Mall Single Theater Booking has XSS via the admin/viewtheatre.php theatreid parameter.
CVE-2017-17940 PHP Scripts Mall Single Theater Booking has XSS via the title parameter to admin/sitesettings.php.
CVE-2015-7324 XSS (Cross-Site Scripting) dans stackideas (CVE-2015-7324)
CVE-2015-7666 XSS (Cross-Site Scripting) dans wordpress (CVE-2015-7666)
CVE-2015-7667 XSS (Cross-Site Scripting) dans wordpress (CVE-2015-7667)
CVE-2015-7668 XSS (Cross-Site Scripting) dans wordpress (CVE-2015-7668)
CVE-2017-16768 XSS (Cross-Site Scripting) dans synology (CVE-2017-16768)
CVE-2017-17904 XSS (Cross-Site Scripting) dans fortunescripts (CVE-2017-17904)
CVE-2017-17907 XSS (Cross-Site Scripting) dans car-rental-script-project (CVE-2017-17907)
CVE-2017-17909 PHP Scripts Mall Responsive Realestate Script has XSS via the admin/general.php gplus parameter.
CVE-2017-17911 XSS (Cross-Site Scripting) dans archon (CVE-2017-17911)
CVE-2017-17925 XSS (Cross-Site Scripting) dans ordermanagementscript (CVE-2017-17925)
CVE-2017-17929 PHP Scripts Mall Professional Service Script has XSS via the admin/bannerview.php view parameter.
CVE-2017-17893 XSS (Cross-Site Scripting) dans readymade-video-sharing-script-project (CVE-2017-17893)
CVE-2017-17896 Readymade Job Site Script has XSS via the keyword parameter to the /job URI.
CVE-2017-17859 XSS (Cross-Site Scripting) dans samsung (CVE-2017-17859)
CVE-2017-17868 XSS (Cross-Site Scripting) dans liferay (CVE-2017-17868)
CVE-2017-17869 The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter.
CVE-2017-17832 XSS (Cross-Site Scripting) dans serverscheck (CVE-2017-17832)
CVE-2017-1365 XSS (Cross-Site Scripting) dans ibm (CVE-2017-1365)
CVE-2017-15312 XSS (Cross-Site Scripting) dans huawei (CVE-2017-15312)
CVE-2017-14363 XSS (Cross-Site Scripting) dans microfocus (CVE-2017-14363)
CVE-2017-17828 XSS (Cross-Site Scripting) dans doditsolutions (CVE-2017-17828)

🍪 À propos des cookies

Nous utilisons des cookies pour conserver votre session, mémoriser la langue et améliorer le service.

En savoir plus →