Cwe 79

🧬 CWE Liées 66
slug: cwe-79

Explication

CWE-79は「Webアプリがユーザー入力をきちんと無害化せずに画面に出力してしまう欠陥」のことです。 結果として、攻撃者はWebページに悪意あるJavaScriptを埋め込めるようになり、見た人のCookie (ログイン情報) や入力情報を盗めるようになります。 対策はWebの基本中の基本: 出力時のHTMLエスケープです。
📌 Exemple
MySpace ワーム「Samy」 (2005): 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した。

🔖 Étiquettes liées

🛡 Vulnérabilités associées 3,514

ID Titre
CVE-2026-42775 Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.7.2 versions.
CVE-2026-42686 Subscriber Cross Site Scripting (XSS) in EventPrime <= 4.3.2.1 versions.
CVE-2026-42688 Subscriber Cross Site Scripting (XSS) in Modula Image Gallery <= 2.14.23 versions.
CVE-2026-42663 Unauthenticated Cross Site Scripting (XSS) in Simple Membership <= 4.7.2 versions.
CVE-2026-42650 Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.6.7 versions.
CVE-2026-42658 Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5.3.8 versions.
CVE-2026-42656 Subscriber Cross Site Scripting (XSS) in Contest Gallery <= 28.1.6 versions.
CVE-2026-42649 Unauthenticated Cross Site Scripting (XSS) in Favicon Rotator <= 1.2.11 versions.
CVE-2026-40787 Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master <= 11.0.0 versions.
CVE-2026-40770 Unauthenticated Cross Site Scripting (XSS) in Coupon Affiliates <= 7.5.3 versions.
CVE-2026-40791 Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Form <= 1.2.46 versions.
CVE-2026-41556 Subscriber Cross Site Scripting (XSS) in ProfilePress <= 4.16.13 versions.
CVE-2026-40732 Unauthenticated Cross Site Scripting (XSS) in Notification for Telegram <= 3.5 versions.
CVE-2026-39540 Subscriber Cross Site Scripting (XSS) in Shipment Tracker for Woocommerce <= 1.5.3.2 versions.
CVE-2026-39449 Unauthenticated Cross Site Scripting (XSS) in Contact Form to Any API <= 3.0.3 versions.
CVE-2026-39463 Unauthenticated Cross Site Scripting (XSS) in ManageWP Worker <= 4.9.31 versions.
CVE-2026-39491 Subscriber Cross Site Scripting (XSS) in JupiterX Core <= 4.14.1 versions.
CVE-2026-39447 Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.10.6 versions.
CVE-2026-39451 Unauthenticated Cross Site Scripting (XSS) in WP Google Review Slider <= 18.0 versions.
CVE-2026-39507 Unauthenticated Cross Site Scripting (XSS) in Social Slider Feed <= 2.3.2 versions.
CVE-2026-39514 Unauthenticated Cross Site Scripting (XSS) in Paid Member Subscriptions <= 2.17.3 versions.
CVE-2026-23970 Unauthenticated Cross Site Scripting (XSS) in Redirection for Contact Form 7 <= 3.2.8 versions.
CVE-2026-34902 Unauthenticated Cross Site Scripting (XSS) in WooCommerce Product Table Lite <= 4.6.3 versions.
CVE-2025-68851 Unauthenticated Cross Site Scripting (XSS) in Okay Toolkit <= 2.3 versions.
CVE-2025-68872 XSS (Cross-Site Scripting) dans CVE-2025-68872 (CVE-2025-68872)
CVE-2026-34900 Unauthenticated Cross Site Scripting (XSS) in GiveWP <= 4.14.2 versions.
CVE-2025-68840 Unauthenticated Cross Site Scripting (XSS) in iRobots.txt SEO <= 1.1.2 versions.
CVE-2026-39435 Unauthenticated Cross Site Scripting (XSS) in CformsII <= 15.1.3 versions.
CVE-2026-50883 XSS (Cross-Site Scripting) dans CVE-2026-50883 (CVE-2026-50883)
CVE-2026-50876 XSS (Cross-Site Scripting) dans CVE-2026-50876 (CVE-2026-50876)

🍪 À propos des cookies

Nous utilisons des cookies pour conserver votre session, mémoriser la langue et améliorer le service.

En savoir plus →