Cross-Site Scripting

⚔️ Attack Types Related 27
slug: xss

Explanation

XSSは「Webページの中に、攻撃者の悪意あるJavaScriptを忍び込ませる」攻撃です。 例えば掲示板に `<script>盗む()</script>` のような投稿をして、それを見た他のユーザーのCookie (ログイン情報) を盗む、といった攻撃が典型的です。 対策は「ユーザー入力を画面に出すときに、HTMLとして無害化 (エスケープ) する」こと。多くのフレームワークでは標準で対策されています。
📌 Example
2005年MySpaceワーム「Samy」: 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した有名事件。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,314

ID Title
CVE-2026-13377 Cross-Site Scripting (XSS) in CVE-2026-13377 (CVE-2026-13377)
CVE-2026-13376 Cross-Site Scripting (XSS) in CVE-2026-13376 (CVE-2026-13376)
CVE-2026-13374 Cross-Site Scripting (XSS) in CVE-2026-13374 (CVE-2026-13374)
CVE-2026-13375 Cross-Site Scripting (XSS) in CVE-2026-13375 (CVE-2026-13375)
CVE-2026-59102 Cross-Site Scripting (XSS) in vue (CVE-2026-59102)
CVE-2025-71385 Cross-Site Scripting (XSS) in netdata (CVE-2025-71385)
CVE-2026-8699 Cross-Site Scripting (XSS) in CVE-2026-8699 (CVE-2026-8699)
CVE-2026-4772 Cross-Site Scripting (XSS) in CVE-2026-4772 (CVE-2026-4772)
CVE-2026-4770 Cross-Site Scripting (XSS) in CVE-2026-4770 (CVE-2026-4770)
CVE-2026-57763 Contributor Cross Site Scripting (XSS) in Structured Content <= 1.7.0 versions.
CVE-2026-57764 Contributor Cross Site Scripting (XSS) in Surbma | Yoast SEO Breadcrumb Shortcode <= 1.2 versions.
CVE-2026-57762 Author Cross Site Scripting (XSS) in Simple URLs <= 151 versions.
CVE-2026-57684 Contributor Cross Site Scripting (XSS) in TheFox <= 3.9.70 versions.
CVE-2026-57682 Unauthenticated Cross Site Scripting (XSS) in Simple Link Directory <= 15.0.5 versions.
CVE-2026-57754 Cross-Site Scripting (XSS) in CVE-2026-57754 (CVE-2026-57754)
CVE-2026-57686 Unauthenticated Cross Site Scripting (XSS) in WowAddons <= 1.6.14 versions.
CVE-2026-57755 Cross-Site Scripting (XSS) in CVE-2026-57755 (CVE-2026-57755)
CVE-2026-57360 Unauthenticated Cross Site Scripting (XSS) in eCommerce Product Catalog <= 3.5.4 versions.
CVE-2026-57349 Unauthenticated Cross Site Scripting (XSS) in WPeMatico RSS Feed Fetcher <= 2.8.17 versions.
CVE-2026-57359 Unauthenticated Cross Site Scripting (XSS) in ReviewX <= 2.3.10 versions.
CVE-2026-57673 Unauthenticated Cross Site Scripting (XSS) in Optimole <= 4.2.7 versions.
CVE-2026-57356 Unauthenticated Cross Site Scripting (XSS) in MC Woocommerce Wishlist <= 1.9.19 versions.
CVE-2026-57354 Subscriber Cross Site Scripting (XSS) in JetReviews <= 3.0.0.1 versions.
CVE-2026-57358 Cross-Site Scripting (XSS) in CVE-2026-57358 (CVE-2026-57358)
CVE-2026-57625 Cross-Site Scripting (XSS) in CVE-2026-57625 (CVE-2026-57625)
CVE-2026-57672 Unauthenticated Cross Site Scripting (XSS) in wpDataTables <= 6.5.1.1 versions.
CVE-2026-57350 Unauthenticated Cross Site Scripting (XSS) in WP Debugging <= 2.12.2 versions.
CVE-2026-57351 Unauthenticated Cross Site Scripting (XSS) in HandL UTM Grabber <= 2.9.2 versions.
CVE-2026-57678 Cross-Site Scripting (XSS) in CVE-2026-57678 (CVE-2026-57678)
CVE-2026-57361 Unauthenticated Cross Site Scripting (XSS) in Survey Maker <= 5.2.2.5 versions.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →