Cwe 79

🧬 CWE Related 66
slug: cwe-79

Explanation

CWE-79は「Webアプリがユーザー入力をきちんと無害化せずに画面に出力してしまう欠陥」のことです。 結果として、攻撃者はWebページに悪意あるJavaScriptを埋め込めるようになり、見た人のCookie (ログイン情報) や入力情報を盗めるようになります。 対策はWebの基本中の基本: 出力時のHTMLエスケープです。
📌 Example
MySpace ワーム「Samy」 (2005): 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,513

ID Title
CVE-2016-9128 Cross-Site Scripting (XSS) in revive-adserver (CVE-2016-9128)
CVE-2016-9130 Cross-Site Scripting (XSS) in revive-adserver (CVE-2016-9130)
CVE-2016-9454 Cross-Site Scripting (XSS) in revive-adserver (CVE-2016-9454)
CVE-2016-9457 Cross-Site Scripting (XSS) in revive-adserver (CVE-2016-9457)
CVE-2016-9459 Vulnerability in nextcloud (CVE-2016-9459)
CVE-2016-6056 Cross-Site Scripting (XSS) in ibm (CVE-2016-6056)
CVE-2016-9737 Cross-Site Scripting (XSS) in ibm (CVE-2016-9737)
CVE-2017-1120 Cross-Site Scripting (XSS) in ibm (CVE-2017-1120)
CVE-2015-8010 Cross-Site Scripting (XSS) in icinga (CVE-2015-8010)
CVE-2017-7271 Cross-Site Scripting (XSS) in yii-software (CVE-2017-7271)
CVE-2015-8310 Cross-Site Scripting (XSS) in cherrymusic (CVE-2015-8310)
CVE-2017-6878 Cross-Site Scripting (XSS) in metinfo (CVE-2017-6878)
CVE-2017-6003 Cross-Site Scripting (XSS) in dotcms (CVE-2017-6003)
CVE-2017-6067 Symphony 2.6.9 has XSS in publish/notes/edit/##/saved/ via the bottom form field.
CVE-2017-2644 In Moodle 3.x, XSS can occur via evidence of prior learning.
CVE-2017-2645 In Moodle 3.x, XSS can occur via attachments to evidence of prior learning.
CVE-2017-7255 Cross-Site Scripting (XSS) in cmsmadesimple (CVE-2017-7255)
CVE-2017-7256 Cross-Site Scripting (XSS) in cmsmadesimple (CVE-2017-7256)
CVE-2017-7257 Cross-Site Scripting (XSS) in cmsmadesimple (CVE-2017-7257)
CVE-2017-7247 Cross-Site Scripting (XSS) in gazelle-project (CVE-2017-7247)
CVE-2017-7248 Cross-Site Scripting (XSS) in gazelle-project (CVE-2017-7248)
CVE-2017-7249 Cross-Site Scripting (XSS) in gazelle-project (CVE-2017-7249)
CVE-2017-7250 Cross-Site Scripting (XSS) in gazelle-project (CVE-2017-7250)
CVE-2017-7251 Cross-Site Scripting (XSS) in piengine (CVE-2017-7251)
CVE-2015-8622 Cross-Site Scripting (XSS) in mediawiki (CVE-2015-8622)
CVE-2015-8687 Cross-Site Scripting (XSS) in alcatel-lucent (CVE-2015-8687)
CVE-2017-7242 Cross-Site Scripting (XSS) in slims (CVE-2017-7242)
CVE-2016-5751 Cross-Site Scripting (XSS) in netiq (CVE-2016-5751)
CVE-2016-5756 Cross-Site Scripting (XSS) in netiq (CVE-2016-5756)
CVE-2016-9169 Cross-Site Scripting (XSS) in novell (CVE-2016-9169)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →