Cross-Site Scripting

⚔️ Attack Types Related 27

slug: xss

Explanation

XSSは「Webページの中に、攻撃者の悪意あるJavaScriptを忍び込ませる」攻撃です。例えば掲示板に `<script>盗む()</script>` のような投稿をして、それを見た他のユーザーのCookie (ログイン情報) を盗む、といった攻撃が典型的です。対策は「ユーザー入力を画面に出すときに、HTMLとして無害化 (エスケープ) する」こと。多くのフレームワークでは標準で対策されています。

📌 Example

2005年MySpaceワーム「Samy」: 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した有名事件。

🔖 Related tags

Denial of Service85 SQL Injection23 Remote Code Execution19 Server-Side Request Forgery17 Path Traversal14 Privilege Escalation7 Authentication Bypass4 Insecure Deserialization4 Cross-Site Request Forgery1

🛡 Vulnerabilities tagged with this 30

ID	Title	Severity	Detected
CVE-2026-42451	Cross-Site Scripting (XSS) in CVE-2026-42451 (CVE-2026-42451)	Medium	19 hours ago
CVE-2026-42192	Cross-Site Scripting (XSS) in react (CVE-2026-42192)	Medium	20 hours ago
CVE-2026-42030	Vulnerability in CVE-2026-42030 (CVE-2026-42030)	Medium	1 day ago
CVE-2026-38360	Path Traversal in path-traversal (CVE-2026-38360)	Critical	1 day ago
CVE-2026-42794	Cross-Site Scripting (XSS) in CVE-2026-42794 (CVE-2026-42794)		1 day ago
CVE-2026-41591	Cross-Site Scripting (XSS) in CVE-2026-41591 (CVE-2026-41591)	Medium	1 day ago
CVE-2026-41575	Cross-Site Scripting (XSS) in CVE-2026-41575 (CVE-2026-41575)	Medium	1 day ago
CVE-2026-7650	Cross-Site Scripting (XSS) in wordpress (CVE-2026-7650)	Medium	1 day ago
CVE-2026-7475	Cross-Site Scripting (XSS) in wordpress (CVE-2026-7475)	Medium	1 day ago
CVE-2026-5341	Cross-Site Scripting (XSS) in wordpress (CVE-2026-5341)	Medium	1 day ago
CVE-2026-7330	Cross-Site Scripting (XSS) in wordpress (CVE-2026-7330)	High	1 day ago
CVE-2024-33724	Cross-Site Scripting (XSS) in CVE-2024-33724 (CVE-2024-33724)	Medium	1 day ago
CVE-2023-42343	Cross-Site Scripting (XSS) in CVE-2023-42343 (CVE-2023-42343)	Medium	1 day ago
CVE-2023-42345	Cross-Site Scripting (XSS) in CVE-2023-42345 (CVE-2023-42345)	Medium	1 day ago
CVE-2022-23961	Cross-Site Scripting (XSS) in CVE-2022-23961 (CVE-2022-23961)	Medium	1 day ago
CVE-2026-8136	Cross-Site Scripting (XSS) in CVE-2026-8136 (CVE-2026-8136)	Low	1 day ago
CVE-2026-42150	Cross-Site Scripting (XSS) in CVE-2026-42150 (CVE-2026-42150)	Medium	1 day ago
CVE-2026-8117	Cross-Site Scripting (XSS) in CVE-2026-8117 (CVE-2026-8117)	Medium	1 day ago
CVE-2026-41929	Cross-Site Scripting (XSS) in CVE-2026-41929 (CVE-2026-41929)	Medium	1 day ago
CVE-2026-32207	Cross-Site Scripting (XSS) in microsoft (CVE-2026-32207)	High	1 day ago
CVE-2026-39823	Vulnerability in CVE-2026-39823 (CVE-2026-39823)	Medium	1 day ago
CVE-2025-67202	Cross-Site Scripting (XSS) in CVE-2025-67202 (CVE-2025-67202)	Medium	2 days ago
SUSE-SU-2026:1749-1	Vulnerability in SUSE-SU-2026:1749-1 (SUSE-SU-2026:1749-1)		2 days ago
CVE-2026-35453	Cross-Site Scripting (XSS) in phpoffice/phpspreadsheet (CVE-2026-35453)	Medium	3 days ago
CVE-2026-38432	Cross-Site Scripting (XSS) in frappe (CVE-2026-38432)	Medium	4 days ago
CVE-2026-42086	Cross-Site Scripting (XSS) in openc3 (CVE-2026-42086)	Medium	5 days ago
CVE-2025-2749 KEV	[KEV] Path Traversal in Kentico path-traversal (CVE-2025-2749)	High	2 weeks ago
CVE-2025-48700 KEV	[KEV] Cross-Site Scripting (XSS) in Synacor zimbra-collaboration-suite-zcs (CVE-2025-48700)	High	2 weeks ago
CVE-2026-32851	Cross-Site Scripting (XSS) in mailenable (CVE-2026-32851)	Medium	1 month ago
CVE-2025-68900	Cross-Site Scripting (XSS) in CVE-2025-68900 (CVE-2025-68900)	Medium	3 months ago

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →