Cwe 79

🧬 CWE Related 66
slug: cwe-79

Explanation

CWE-79は「Webアプリがユーザー入力をきちんと無害化せずに画面に出力してしまう欠陥」のことです。 結果として、攻撃者はWebページに悪意あるJavaScriptを埋め込めるようになり、見た人のCookie (ログイン情報) や入力情報を盗めるようになります。 対策はWebの基本中の基本: 出力時のHTMLエスケープです。
📌 Example
MySpace ワーム「Samy」 (2005): 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,507

ID Title
CVE-2026-12734 Cross-Site Scripting (XSS) in wordpress (CVE-2026-12734)
CVE-2026-13376 Cross-Site Scripting (XSS) in CVE-2026-13376 (CVE-2026-13376)
CVE-2026-13373 Cross-Site Scripting (XSS) in CVE-2026-13373 (CVE-2026-13373)
CVE-2026-13375 Cross-Site Scripting (XSS) in CVE-2026-13375 (CVE-2026-13375)
CVE-2026-13374 Cross-Site Scripting (XSS) in CVE-2026-13374 (CVE-2026-13374)
CVE-2026-13377 Cross-Site Scripting (XSS) in CVE-2026-13377 (CVE-2026-13377)
CVE-2026-59102 Cross-Site Scripting (XSS) in vue (CVE-2026-59102)
CVE-2026-58579 Cross-Site Scripting (XSS) in CVE-2026-58579 (CVE-2026-58579)
CVE-2025-71385 Cross-Site Scripting (XSS) in netdata (CVE-2025-71385)
CVE-2026-8699 Cross-Site Scripting (XSS) in CVE-2026-8699 (CVE-2026-8699)
CVE-2026-4770 Cross-Site Scripting (XSS) in CVE-2026-4770 (CVE-2026-4770)
CVE-2026-4772 Cross-Site Scripting (XSS) in CVE-2026-4772 (CVE-2026-4772)
CVE-2026-57763 Contributor Cross Site Scripting (XSS) in Structured Content <= 1.7.0 versions.
CVE-2026-57764 Contributor Cross Site Scripting (XSS) in Surbma | Yoast SEO Breadcrumb Shortcode <= 1.2 versions.
CVE-2026-57762 Author Cross Site Scripting (XSS) in Simple URLs <= 151 versions.
CVE-2026-57754 Cross-Site Scripting (XSS) in CVE-2026-57754 (CVE-2026-57754)
CVE-2026-57684 Contributor Cross Site Scripting (XSS) in TheFox <= 3.9.70 versions.
CVE-2026-57682 Unauthenticated Cross Site Scripting (XSS) in Simple Link Directory <= 15.0.5 versions.
CVE-2026-57755 Cross-Site Scripting (XSS) in CVE-2026-57755 (CVE-2026-57755)
CVE-2026-57686 Unauthenticated Cross Site Scripting (XSS) in WowAddons <= 1.6.14 versions.
CVE-2026-57359 Unauthenticated Cross Site Scripting (XSS) in ReviewX <= 2.3.10 versions.
CVE-2026-57356 Unauthenticated Cross Site Scripting (XSS) in MC Woocommerce Wishlist <= 1.9.19 versions.
CVE-2026-57672 Unauthenticated Cross Site Scripting (XSS) in wpDataTables <= 6.5.1.1 versions.
CVE-2026-57350 Unauthenticated Cross Site Scripting (XSS) in WP Debugging <= 2.12.2 versions.
CVE-2026-57354 Subscriber Cross Site Scripting (XSS) in JetReviews <= 3.0.0.1 versions.
CVE-2026-57351 Unauthenticated Cross Site Scripting (XSS) in HandL UTM Grabber <= 2.9.2 versions.
CVE-2026-57358 Cross-Site Scripting (XSS) in CVE-2026-57358 (CVE-2026-57358)
CVE-2026-57361 Unauthenticated Cross Site Scripting (XSS) in Survey Maker <= 5.2.2.5 versions.
CVE-2026-57349 Unauthenticated Cross Site Scripting (XSS) in WPeMatico RSS Feed Fetcher <= 2.8.17 versions.
CVE-2026-57625 Cross-Site Scripting (XSS) in CVE-2026-57625 (CVE-2026-57625)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →