Cwe 79

🧬 CWE Related 66
slug: cwe-79

Explanation

CWE-79は「Webアプリがユーザー入力をきちんと無害化せずに画面に出力してしまう欠陥」のことです。 結果として、攻撃者はWebページに悪意あるJavaScriptを埋め込めるようになり、見た人のCookie (ログイン情報) や入力情報を盗めるようになります。 対策はWebの基本中の基本: 出力時のHTMLエスケープです。
📌 Example
MySpace ワーム「Samy」 (2005): 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,514

ID Title
CVE-2026-44311 Cross-Site Scripting (XSS) in fabric (CVE-2026-44311)
CVE-2026-53724 Cross-Site Scripting (XSS) in parse-server (CVE-2026-53724)
CVE-2026-53568 Cross-Site Scripting (XSS) in CVE-2026-53568 (CVE-2026-53568)
CVE-2026-53722 Cross-Site Scripting (XSS) in nuxt (CVE-2026-53722)
CVE-2026-47739 Cross-Site Scripting (XSS) in CVE-2026-47739 (CVE-2026-47739)
CVE-2026-44205 Cross-Site Scripting (XSS) in CVE-2026-44205 (CVE-2026-44205)
CVE-2026-9125 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9125)
CVE-2026-42653 Cross-Site Scripting (XSS) in CVE-2026-42653 (CVE-2026-42653)
CVE-2026-46489 SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, the company logo upload feature accepts any file type without validation. An authenticated administrator can upload an SVG f...
CVE-2026-8589 Cross-Site Scripting (XSS) in gitlab (CVE-2026-8589)
CVE-2026-10087 Cross-Site Scripting (XSS) in gitlab (CVE-2026-10087)
CVE-2023-33999 Cross-Site Scripting (XSS) in CVE-2023-33999 (CVE-2023-33999)
CVE-2026-40986 Cross-Site Scripting (XSS) in CVE-2026-40986 (CVE-2026-40986)
CVE-2026-2827 Cross-Site Scripting (XSS) in wordpress (CVE-2026-2827)
CVE-2026-42558 Cross-Site Scripting (XSS) in CVE-2026-42558 (CVE-2026-42558)
CVE-2026-53741 Cross-Site Scripting (XSS) in CVE-2026-53741 (CVE-2026-53741)
CVE-2026-53742 Cross-Site Scripting (XSS) in CVE-2026-53742 (CVE-2026-53742)
CVE-2026-53740 Cross-Site Scripting (XSS) in CVE-2026-53740 (CVE-2026-53740)
CVE-2026-53737 Cross-Site Scripting (XSS) in CVE-2026-53737 (CVE-2026-53737)
CVE-2026-0266 Cross-Site Scripting (XSS) in CVE-2026-0266 (CVE-2026-0266)
CVE-2026-20258 Cross-Site Scripting (XSS) in splunk (CVE-2026-20258)
CVE-2026-46642 Cross-Site Scripting (XSS) in CVE-2026-46642 (CVE-2026-46642)
CVE-2026-53693 Cross-Site Scripting (XSS) in CVE-2026-53693 (CVE-2026-53693)
CVE-2026-53473 Cross-Site Scripting (XSS) in kubev2v (CVE-2026-53473)
CVE-2026-45560 Cross-Site Scripting (XSS) in c (CVE-2026-45560)
CVE-2026-53441 Cross-Site Scripting (XSS) in org.jenkins-ci.main:jenkins-core (CVE-2026-53441)
CVE-2026-49069 Cross-Site Scripting (XSS) in CVE-2026-49069 (CVE-2026-49069)
CVE-2026-8613 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8613)
CVE-2026-8853 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8853)
CVE-2026-9019 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9019)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →