Cross-Site Scripting

⚔️ Attack Types Related 27
slug: xss

Explanation

XSSは「Webページの中に、攻撃者の悪意あるJavaScriptを忍び込ませる」攻撃です。 例えば掲示板に `<script>盗む()</script>` のような投稿をして、それを見た他のユーザーのCookie (ログイン情報) を盗む、といった攻撃が典型的です。 対策は「ユーザー入力を画面に出すときに、HTMLとして無害化 (エスケープ) する」こと。多くのフレームワークでは標準で対策されています。
📌 Example
2005年MySpaceワーム「Samy」: 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した有名事件。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,314

ID Title
CVE-2026-30691 Cross-Site Scripting (XSS) in @cyntler/react-doc-viewer (CVE-2026-30691)
CVE-2026-7613 Cross-Site Scripting (XSS) in wordpress (CVE-2026-7613)
CVE-2026-44924 InfoScale VIOM 9.1.3 allows XSS.
CVE-2026-4293 Cross-Site Scripting (XSS) in CVE-2026-4293 (CVE-2026-4293)
CVE-2026-5783 Cross-Site Scripting (XSS) in CVE-2026-5783 (CVE-2026-5783)
CVE-2026-24573 Cross-Site Scripting (XSS) in CVE-2026-24573 (CVE-2026-24573)
CVE-2026-6405 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6405)
CVE-2026-5776 Vulnerability in wordpress (CVE-2026-5776)
CVE-2026-2955 Cross-Site Scripting (XSS) in wordpress (CVE-2026-2955)
CVE-2026-9056 Vulnerability in CVE-2026-9056 (CVE-2026-9056)
CVE-2026-7460 Cross-Site Scripting (XSS) in CVE-2026-7460 (CVE-2026-7460)
CVE-2026-8626 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8626)
CVE-2026-8624 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8624)
CVE-2026-8627 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8627)
CVE-2026-7462 Cross-Site Scripting (XSS) in wordpress (CVE-2026-7462)
CVE-2026-8038 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8038)
CVE-2026-6404 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6404)
CVE-2026-6549 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6549)
CVE-2026-5293 Cross-Site Scripting (XSS) in wordpress (CVE-2026-5293)
CVE-2026-6395 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6395)
CVE-2026-6397 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6397)
CVE-2026-6399 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6399)
CVE-2026-6365 Cross-Site Scripting (XSS) in drupal (CVE-2026-6365)
CVE-2026-6367 Cross-Site Scripting (XSS) in drupal (CVE-2026-6367)
CVE-2026-6871 Cross-Site Scripting (XSS) in drupal (CVE-2026-6871)
CVE-2026-6095 Cross-Site Scripting (XSS) in drupal (CVE-2026-6095)
CVE-2026-34246 Vulnerability in privilege-escalation (CVE-2026-34246)
CVE-2026-34241 Cross-Site Scripting (XSS) in CVE-2026-34241 (CVE-2026-34241)
CVE-2026-33741 Cross-Site Scripting (XSS) in CVE-2026-33741 (CVE-2026-33741)
CVE-2026-46426 Unrestricted File Upload in budibase (CVE-2026-46426)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →