Cwe 79

🧬 CWE Related 66
slug: cwe-79

Explanation

CWE-79は「Webアプリがユーザー入力をきちんと無害化せずに画面に出力してしまう欠陥」のことです。 結果として、攻撃者はWebページに悪意あるJavaScriptを埋め込めるようになり、見た人のCookie (ログイン情報) や入力情報を盗めるようになります。 対策はWebの基本中の基本: 出力時のHTMLエスケープです。
📌 Example
MySpace ワーム「Samy」 (2005): 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,519

ID Title
CVE-2017-1282 Cross-Site Scripting (XSS) in ibm (CVE-2017-1282)
CVE-2017-1320 Cross-Site Scripting (XSS) in ibm (CVE-2017-1320)
CVE-2016-4903 Cross-Site Scripting (XSS) in wordpress (CVE-2016-4903)
CVE-2017-2168 Cross-Site Scripting (XSS) in wpbookingsystem (CVE-2017-2168)
CVE-2017-2169 Cross-Site Scripting (XSS) in maxbuttons-project (CVE-2017-2169)
CVE-2017-2171 Cross-Site Scripting (XSS) in bestwebsoft (CVE-2017-2171)
CVE-2017-2173 Cross-Site Scripting (XSS) in ipa (CVE-2017-2173)
CVE-2017-2174 Cross-Site Scripting (XSS) in ipa (CVE-2017-2174)
CVE-2017-9140 Cross-Site Scripting (XSS) in csharp (CVE-2017-9140)
CVE-2017-2549 Cross-Site Scripting (XSS) in apple (CVE-2017-2549)
CVE-2017-2528 Cross-Site Scripting (XSS) in apple (CVE-2017-2528)
CVE-2017-2504 Cross-Site Scripting (XSS) in apple (CVE-2017-2504)
CVE-2017-2508 Cross-Site Scripting (XSS) in apple (CVE-2017-2508)
CVE-2017-2510 Cross-Site Scripting (XSS) in apple (CVE-2017-2510)
CVE-2017-6654 Cross-Site Scripting (XSS) in cisco (CVE-2017-6654)
CVE-2017-4978 Cross-Site Scripting (XSS) in rsa (CVE-2017-4978)
CVE-2017-9072 Cross-Site Scripting (XSS) in calendarxp (CVE-2017-9072)
CVE-2017-9068 Cross-Site Scripting (XSS) in modx (CVE-2017-9068)
CVE-2017-9070 Cross-Site Scripting (XSS) in modx (CVE-2017-9070)
CVE-2017-9071 Cross-Site Scripting (XSS) in modx (CVE-2017-9071)
CVE-2017-9061 Cross-Site Scripting (XSS) in wordpress (CVE-2017-9061)
CVE-2017-9062 In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API.
CVE-2017-9063 Cross-Site Scripting (XSS) in wordpress (CVE-2017-9063)
CVE-2017-4011 Cross-Site Scripting (XSS) in mcafee (CVE-2017-4011)
CVE-2015-3998 Cross-Site Scripting (XSS) in wordpress (CVE-2015-3998)
CVE-2017-7953 INFOR EAM V11.0 Build 201410 has XSS via comment fields.
CVE-2016-4855 Cross-Site Scripting (XSS) in adodb-project (CVE-2016-4855)
CVE-2016-4856 Cross-Site Scripting (XSS) in splunk (CVE-2016-4856)
CVE-2016-4858 Cross-Site Scripting (XSS) in splunk (CVE-2016-4858)
CVE-2016-4877 Cross-Site Scripting (XSS) in basercms (CVE-2016-4877)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →