JavaScript

💬 Programming Languages Related 41
slug: javascript

Explanation

JavaScriptはブラウザの中で動くプログラミング言語で、ボタンを押したときの動きやページの動的な変化を担当します。 近年は Node.js でサーバー側でも使われ、Webアプリ全体で最も使われている言語のひとつです。 脆弱性の文脈では XSS (クロスサイトスクリプティング) という、攻撃者がページに悪意あるスクリプトを混入させる攻撃が代表的です。
📌 Example
npmパッケージ event-stream の事件 (2018) では、人気ライブラリに悪意あるコードが仕込まれ、暗号通貨ウォレットからお金を盗むコードが世界中の Node.js アプリに混入した。

🔖 Related tags

🛡 Vulnerabilities tagged with this 1,581

ID Title
CVE-2024-11831 Cross-Site Scripting (XSS) in CVE-2024-11831 (CVE-2024-11831)
CVE-2024-55591 KEV [KEV] Vulnerability in Fortinet fortios-and-fortiproxy (CVE-2024-55591)
CVE-2024-42831 Cross-Site Scripting (XSS) in CVE-2024-42831 (CVE-2024-42831)
CVE-2024-8644 Vulnerability in oceanicsoft (CVE-2024-8644)
CVE-2023-46948 Cross-Site Scripting (XSS) in CVE-2023-46948 (CVE-2023-46948)
CVE-2024-3166 Cross-Site Scripting (XSS) in mintplexlabs (CVE-2024-3166)
CVE-2024-4367 Vulnerability in pdfjs-dist (CVE-2024-4367)
CVE-2024-24398 Path Traversal in path-traversal (CVE-2024-24398)
CVE-2024-24396 Cross-Site Scripting (XSS) in stimulsoft (CVE-2024-24396)
CVE-2024-24397 Cross-Site Scripting (XSS) in stimulsoft (CVE-2024-24397)
CVE-2023-48795 Vulnerability in russh (CVE-2023-48795)
CVE-2023-48238 Vulnerability in json-web-token (CVE-2023-48238)
CVE-2023-46233 Vulnerability in crypto-js-project (CVE-2023-46233)
CVE-2023-45815 Cross-Site Scripting (XSS) in archivebox (CVE-2023-45815)
CVE-2023-40932 Cross-Site Scripting (XSS) in nagios (CVE-2023-40932)
CVE-2023-30186 Use-After-Free in onlyoffice (CVE-2023-30186)
CVE-2023-30187 Out-of-Bounds Write in onlyoffice (CVE-2023-30187)
CVE-2023-30188 Vulnerability in dos (CVE-2023-30188)
CVE-2023-26961 Cross-Site Scripting (XSS) in alteryx (CVE-2023-26961)
CVE-2023-31868 Cross-Site Scripting (XSS) in sage (CVE-2023-31868)
CVE-2023-28606 js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips.
CVE-2023-28607 js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip.
CVE-2023-23326 Cross-Site Scripting (XSS) in avantfax (CVE-2023-23326)
CVE-2023-24027 In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name.
CVE-2022-44303 Cross-Site Scripting (XSS) in resque-scheduler-project (CVE-2022-44303)
CVE-2022-37721 Cross-Site Scripting (XSS) in privilege-escalation (CVE-2022-37721)
CVE-2022-37720 Cross-Site Scripting (XSS) in privilege-escalation (CVE-2022-37720)
CVE-2022-20969 Cross-Site Scripting (XSS) in cisco (CVE-2022-20969)
CVE-2022-38901 Cross-Site Scripting (XSS) in liferay (CVE-2022-38901)
CVE-2022-38902 Cross-Site Scripting (XSS) in liferay (CVE-2022-38902)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →