Cwe 79

🧬 CWE Related 66
slug: cwe-79

Explanation

CWE-79は「Webアプリがユーザー入力をきちんと無害化せずに画面に出力してしまう欠陥」のことです。 結果として、攻撃者はWebページに悪意あるJavaScriptを埋め込めるようになり、見た人のCookie (ログイン情報) や入力情報を盗めるようになります。 対策はWebの基本中の基本: 出力時のHTMLエスケープです。
📌 Example
MySpace ワーム「Samy」 (2005): 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,521

ID Title
CVE-2017-9361 WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/details.php.
CVE-2017-9366 Cross-Site Scripting (XSS) in epesi (CVE-2017-9366)
CVE-2017-7384 Cross-Site Scripting (XSS) in flipbuilder (CVE-2017-7384)
CVE-2017-3127 Cross-Site Scripting (XSS) in fortinet (CVE-2017-3127)
CVE-2017-9331 Cross-Site Scripting (XSS) in epesi (CVE-2017-9331)
CVE-2017-9336 The WP Editor.MD plugin 1.6 for WordPress has a stored XSS vulnerability in the content of a post.
CVE-2017-9337 Cross-Site Scripting (XSS) in wordpress (CVE-2017-9337)
CVE-2017-9305 Cross-Site Scripting (XSS) in tiki (CVE-2017-9305)
CVE-2017-9306 Cross-Site Scripting (XSS) in syspass (CVE-2017-9306)
CVE-2017-2307 Cross-Site Scripting (XSS) in juniper (CVE-2017-2307)
CVE-2017-9299 Cross-Site Scripting (XSS) in otrs (CVE-2017-9299)
CVE-2017-9298 Cross-Site Scripting (XSS) in hitachi (CVE-2017-9298)
CVE-2017-9289 Cross-Site Scripting (XSS) in note-project (CVE-2017-9289)
CVE-2017-9292 Lansweeper before 6.0.0.65 has XSS in an image retrieval URI, aka Bug 542782.
CVE-2017-9288 Cross-Site Scripting (XSS) in wordpress (CVE-2017-9288)
CVE-2017-9249 Cross-Site Scripting (XSS) in allen-disk-project (CVE-2017-9249)
CVE-2017-9251 Cross-Site Scripting (XSS) in finecms-project (CVE-2017-9251)
CVE-2017-9252 Cross-Site Scripting (XSS) in finecms-project (CVE-2017-9252)
CVE-2017-9243 Cross-Site Scripting (XSS) in aries-networks (CVE-2017-9243)
CVE-2017-7296 Cross-Site Scripting (XSS) in contiki-os (CVE-2017-7296)
CVE-2017-3129 Cross-Site Scripting (XSS) in fortinet (CVE-2017-3129)
CVE-2017-7339 Cross-Site Scripting (XSS) in fortinet (CVE-2017-7339)
CVE-2017-1291 Cross-Site Scripting (XSS) in ibm (CVE-2017-1291)
CVE-2017-1325 Cross-Site Scripting (XSS) in ibm (CVE-2017-1325)
CVE-2017-9037 Cross-Site Scripting (XSS) in trendmicro (CVE-2017-9037)
CVE-2017-9032 Cross-Site Scripting (XSS) in trendmicro (CVE-2017-9032)
CVE-2016-0781 Cross-Site Scripting (XSS) in cloudfoundry (CVE-2016-0781)
CVE-2017-3128 Cross-Site Scripting (XSS) in fortinet (CVE-2017-3128)
CVE-2017-7288 Cross-Site Scripting (XSS) in synacor (CVE-2017-7288)
CVE-2015-8477 Cross-Site Scripting (XSS) in redmine (CVE-2015-8477)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →