Cross-Site Scripting

⚔️ Attack Types Related 27
slug: xss

Explanation

XSSは「Webページの中に、攻撃者の悪意あるJavaScriptを忍び込ませる」攻撃です。 例えば掲示板に `<script>盗む()</script>` のような投稿をして、それを見た他のユーザーのCookie (ログイン情報) を盗む、といった攻撃が典型的です。 対策は「ユーザー入力を画面に出すときに、HTMLとして無害化 (エスケープ) する」こと。多くのフレームワークでは標準で対策されています。
📌 Example
2005年MySpaceワーム「Samy」: 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した有名事件。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,314

ID Title
CVE-2026-44990 Cross-Site Scripting (XSS) in sanitize-html (CVE-2026-44990)
CVE-2026-42159 Cross-Site Scripting (XSS) in flowsint (CVE-2026-42159)
CVE-2026-21730 Cross-Site Scripting (XSS) in verint (CVE-2026-21730)
CVE-2026-41932 Cross-Site Scripting (XSS) in CVE-2026-41932 (CVE-2026-41932)
CVE-2026-1630 Cross-Site Scripting (XSS) in CVE-2026-1630 (CVE-2026-1630)
CVE-2026-24710 Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 allows XSS.
CVE-2026-42457 Cross-Site Scripting (XSS) in CVE-2026-42457 (CVE-2026-42457)
CVE-2026-5790 Cross-Site Scripting (XSS) in CVE-2026-5790 (CVE-2026-5790)
CVE-2026-43644 Cross-Site Scripting (XSS) in github.com/stefanprodan/podinfo (CVE-2026-43644)
CVE-2026-6504 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6504)
CVE-2026-6174 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6174)
CVE-2026-6252 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6252)
CVE-2026-3718 Cross-Site Scripting (XSS) in wordpress (CVE-2026-3718)
CVE-2026-3694 Cross-Site Scripting (XSS) in wordpress (CVE-2026-3694)
CVE-2025-15345 Vulnerability in wordpress (CVE-2025-15345)
CVE-2026-6417 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6417)
CVE-2026-5243 Cross-Site Scripting (XSS) in wordpress (CVE-2026-5243)
CVE-2026-5361 Cross-Site Scripting (XSS) in wordpress (CVE-2026-5361)
CVE-2026-45228 Cross-Site Scripting (XSS) in vue (CVE-2026-45228)
CVE-2026-21821 Vulnerability in CVE-2026-21821 (CVE-2026-21821)
CVE-2025-27852 Cross-Site Scripting (XSS) in garmin (CVE-2025-27852)
CVE-2026-44376 Cross-Site Scripting (XSS) in CVE-2026-44376 (CVE-2026-44376)
CVE-2026-39428 Cross-Site Scripting (XSS) in CVE-2026-39428 (CVE-2026-39428)
CVE-2026-42548 Cross-Site Scripting (XSS) in flightphp/core (CVE-2026-42548)
CVE-2026-8496 Vulnerability in CVE-2026-8496 (CVE-2026-8496)
CVE-2026-0256 Cross-Site Scripting (XSS) in CVE-2026-0256 (CVE-2026-0256)
CVE-2026-8493 Cross-Site Scripting (XSS) in drupal/colorbox_inline (CVE-2026-8493)
CVE-2020-37225 Cross-Site Scripting (XSS) in CVE-2020-37225 (CVE-2020-37225)
CVE-2020-37222 Cross-Site Scripting (XSS) in c (CVE-2020-37222)
CVE-2020-37174 Cross-Site Scripting (XSS) in CVE-2020-37174 (CVE-2020-37174)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →