Cross-Site Scripting

⚔️ Attack Types Related 27
slug: xss

Explanation

XSSは「Webページの中に、攻撃者の悪意あるJavaScriptを忍び込ませる」攻撃です。 例えば掲示板に `<script>盗む()</script>` のような投稿をして、それを見た他のユーザーのCookie (ログイン情報) を盗む、といった攻撃が典型的です。 対策は「ユーザー入力を画面に出すときに、HTMLとして無害化 (エスケープ) する」こと。多くのフレームワークでは標準で対策されています。
📌 Example
2005年MySpaceワーム「Samy」: 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した有名事件。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,314

ID Title
CVE-2026-48167 Cross-Site Scripting (XSS) in filament/infolists (CVE-2026-48167)
CVE-2026-11994 Cross-Site Scripting (XSS) in CVE-2026-11994 (CVE-2026-11994)
CVE-2026-8059 Cross-Site Scripting (XSS) in ibm (CVE-2026-8059)
CVE-2026-11943 Cross-Site Scripting (XSS) in CVE-2026-11943 (CVE-2026-11943)
CVE-2026-11942 Cross-Site Scripting (XSS) in CVE-2026-11942 (CVE-2026-11942)
CVE-2026-11372 Cross-Site Scripting (XSS) in ibm (CVE-2026-11372)
CVE-2024-51454 Vulnerability in ibm (CVE-2024-51454)
CVE-2026-9029 The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug....
CVE-2025-33128 Cross-Site Scripting (XSS) in ibm (CVE-2025-33128)
CVE-2026-12580 Cross-Site Scripting (XSS) in csharp (CVE-2026-12580)
CVE-2023-45796 Cross-Site Scripting (XSS) in CVE-2023-45796 (CVE-2023-45796)
CVE-2023-45795 Cross-Site Scripting (XSS) in CVE-2023-45795 (CVE-2023-45795)
CVE-2026-4259 Cross-Site Scripting (XSS) in wordpress (CVE-2026-4259)
CVE-2026-4110 Vulnerability in wordpress (CVE-2026-4110)
CVE-2026-6858 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6858)
CVE-2025-62198 Vulnerability in apache (CVE-2025-62198)
CVE-2026-12811 Cross-Site Scripting (XSS) in CVE-2026-12811 (CVE-2026-12811)
CVE-2026-56397 Cross-Site Scripting (XSS) in CVE-2026-56397 (CVE-2026-56397)
CVE-2026-56393 Cross-Site Scripting (XSS) in CVE-2026-56393 (CVE-2026-56393)
CVE-2026-56395 Cross-Site Scripting (XSS) in CVE-2026-56395 (CVE-2026-56395)
CVE-2026-56383 Cross-Site Scripting (XSS) in CVE-2026-56383 (CVE-2026-56383)
CVE-2026-56381 Cross-Site Scripting (XSS) in CVE-2026-56381 (CVE-2026-56381)
CVE-2026-56347 Cross-Site Scripting (XSS) in CVE-2026-56347 (CVE-2026-56347)
CVE-2026-56317 Cross-Site Scripting (XSS) in nuxt (CVE-2026-56317)
CVE-2025-71331 Vulnerability in flowiseai (CVE-2025-71331)
CVE-2026-55877 Cross-Site Scripting (XSS) in symfony/ux-icons (CVE-2026-55877)
CVE-2026-32208 Cross-Site Scripting (XSS) in microsoft (CVE-2026-32208)
CVE-2026-55660 Cross-Site Scripting (XSS) in tinacms (CVE-2026-55660)
CVE-2026-55778 Unrestricted File Upload in parse-server (CVE-2026-55778)
CVE-2026-12621 Cross-Site Scripting (XSS) in CVE-2026-12621 (CVE-2026-12621)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →