Cross-Site Scripting

⚔️ Attack Types Related 27
slug: xss

Explanation

XSSは「Webページの中に、攻撃者の悪意あるJavaScriptを忍び込ませる」攻撃です。 例えば掲示板に `<script>盗む()</script>` のような投稿をして、それを見た他のユーザーのCookie (ログイン情報) を盗む、といった攻撃が典型的です。 対策は「ユーザー入力を画面に出すときに、HTMLとして無害化 (エスケープ) する」こと。多くのフレームワークでは標準で対策されています。
📌 Example
2005年MySpaceワーム「Samy」: 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した有名事件。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,314

ID Title
CVE-2026-36748 Cross-Site Scripting (XSS) in CVE-2026-36748 (CVE-2026-36748)
CVE-2022-31114 Cross-Site Scripting (XSS) in backpack/crud (CVE-2022-31114)
CVE-2026-47324 Cross-Site Scripting (XSS) in CVE-2026-47324 (CVE-2026-47324)
CVE-2026-10729 Vulnerability in CVE-2026-10729 (CVE-2026-10729)
CVE-2025-14773 Cross-Site Scripting (XSS) in abb (CVE-2025-14773)
CVE-2025-15654 Cross-Site Scripting (XSS) in CVE-2025-15654 (CVE-2025-15654)
CVE-2026-7421 Cross-Site Scripting (XSS) in wordpress (CVE-2026-7421)
CVE-2026-40108 Cross-Site Scripting (XSS) in CVE-2026-40108 (CVE-2026-40108)
CVE-2026-35212 Cross-Site Scripting (XSS) in pycti (CVE-2026-35212)
CVE-2026-42849 Cross-Site Scripting (XSS) in authentik (CVE-2026-42849)
CVE-2026-5385 Cross-Site Scripting (XSS) in CVE-2026-5385 (CVE-2026-5385)
CVE-2026-33245 React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets
CVE-2026-30586 Cross-Site Scripting (XSS) in CVE-2026-30586 (CVE-2026-30586)
CVE-2026-33553 Northern.tech CFEngine Enterprise 3.24.3 before 3.24.4 and 3.27.0 before 3.27.1 allows XSS.
CVE-2026-34077 Vulnerability in react-router (CVE-2026-34077)
CVE-2026-33244 Cross-Site Scripting (XSS) in react-router (CVE-2026-33244)
CVE-2026-7299 Cross-Site Scripting (XSS) in appsmith (CVE-2026-7299)
CVE-2026-28116 Cross-Site Scripting (XSS) in CVE-2026-28116 (CVE-2026-28116)
CVE-2026-32250 Cross-Site Scripting (XSS) in CVE-2026-32250 (CVE-2026-32250)
CVE-2026-42685 Cross-Site Scripting (XSS) in CVE-2026-42685 (CVE-2026-42685)
CVE-2026-5191 Cross-Site Scripting (XSS) in wordpress (CVE-2026-5191)
CVE-2026-34907 Cross-Site Scripting (XSS) in CVE-2026-34907 (CVE-2026-34907)
CVE-2025-52759 Cross-Site Scripting (XSS) in CVE-2025-52759 (CVE-2025-52759)
CVE-2026-1451 Cross-Site Scripting (XSS) in wordpress (CVE-2026-1451)
CVE-2025-5085 Cross-Site Scripting (XSS) in wordpress (CVE-2025-5085)
CVE-2026-1450 Cross-Site Scripting (XSS) in wordpress (CVE-2026-1450)
CVE-2026-8885 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8885)
CVE-2026-2382 Cross-Site Scripting (XSS) in wordpress (CVE-2026-2382)
CVE-2026-2425 Cross-Site Scripting (XSS) in wordpress (CVE-2026-2425)
CVE-2026-4080 Cross-Site Scripting (XSS) in wordpress (CVE-2026-4080)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →