Cross-Site Scripting

⚔️ Attack Types Related 27
slug: xss

Explanation

XSSは「Webページの中に、攻撃者の悪意あるJavaScriptを忍び込ませる」攻撃です。 例えば掲示板に `<script>盗む()</script>` のような投稿をして、それを見た他のユーザーのCookie (ログイン情報) を盗む、といった攻撃が典型的です。 対策は「ユーザー入力を画面に出すときに、HTMLとして無害化 (エスケープ) する」こと。多くのフレームワークでは標準で対策されています。
📌 Example
2005年MySpaceワーム「Samy」: 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した有名事件。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,314

ID Title
CVE-2026-8891 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8891)
CVE-2026-8894 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8894)
CVE-2026-8898 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8898)
CVE-2026-8897 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8897)
CVE-2026-8869 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8869)
CVE-2026-8870 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8870)
CVE-2026-8871 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8871)
CVE-2026-8868 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8868)
CVE-2026-8867 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8867)
CVE-2026-8873 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8873)
CVE-2026-8872 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8872)
CVE-2026-8846 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8846)
CVE-2026-8847 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8847)
CVE-2026-8842 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8842)
CVE-2026-8844 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8844)
CVE-2026-8845 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8845)
CVE-2026-8837 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8837)
CVE-2026-8866 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8866)
CVE-2026-8702 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8702)
CVE-2026-8701 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8701)
CVE-2026-8048 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8048)
CVE-2026-8698 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8698)
CVE-2026-8707 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8707)
CVE-2026-8703 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8703)
CVE-2026-8040 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8040)
CVE-2026-6268 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6268)
CVE-2026-6287 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6287)
CVE-2026-9022 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9022)
CVE-2026-2253 Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0,...
CVE-2026-9608 Cross-Site Scripting (XSS) in CVE-2026-9608 (CVE-2026-9608)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →