Cross-Site Scripting

⚔️ Attack Types Related 27
slug: xss

Explanation

XSSは「Webページの中に、攻撃者の悪意あるJavaScriptを忍び込ませる」攻撃です。 例えば掲示板に `<script>盗む()</script>` のような投稿をして、それを見た他のユーザーのCookie (ログイン情報) を盗む、といった攻撃が典型的です。 対策は「ユーザー入力を画面に出すときに、HTMLとして無害化 (エスケープ) する」こと。多くのフレームワークでは標準で対策されています。
📌 Example
2005年MySpaceワーム「Samy」: 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した有名事件。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,314

ID Title
CVE-2025-0546 Cross-Site Scripting (XSS) in CVE-2025-0546 (CVE-2025-0546)
CVE-2025-0420 Cross-Site Scripting (XSS) in CVE-2025-0420 (CVE-2025-0420)
CVE-2025-0419 Cross-Site Scripting (XSS) in CVE-2025-0419 (CVE-2025-0419)
CVE-2024-12796 Cross-Site Scripting (XSS) in CVE-2024-12796 (CVE-2024-12796)
CVE-2025-6575 Cross-Site Scripting (XSS) in dolusoft (CVE-2025-6575)
CVE-2025-57145 Cross-Site Scripting (XSS) in phpgurukul (CVE-2025-57145)
CVE-2025-56293 Cross-Site Scripting (XSS) in fabian (CVE-2025-56293)
CVE-2025-56289 Cross-Site Scripting (XSS) in fabian (CVE-2025-56289)
CVE-2025-8276 Vulnerability in CVE-2025-8276 (CVE-2025-8276)
CVE-2025-2404 Cross-Site Scripting (XSS) in CVE-2025-2404 (CVE-2025-2404)
CVE-2025-52277 Cross-Site Scripting (XSS) in yeswiki (CVE-2025-52277)
CVE-2025-52161 Cross-Site Scripting (XSS) in scholl (CVE-2025-52161)
CVE-2025-8695 Cross-Site Scripting (XSS) in CVE-2025-8695 (CVE-2025-8695)
CVE-2024-13073 Cross-Site Scripting (XSS) in CVE-2024-13073 (CVE-2024-13073)
CVE-2024-13071 Cross-Site Scripting (XSS) in CVE-2024-13071 (CVE-2024-13071)
CVE-2025-0878 Cross-Site Scripting (XSS) in CVE-2025-0878 (CVE-2025-0878)
CVE-2024-13064 Cross-Site Scripting (XSS) in CVE-2024-13064 (CVE-2024-13064)
CVE-2024-12974 Cross-Site Scripting (XSS) in CVE-2024-12974 (CVE-2024-12974)
CVE-2024-12972 Cross-Site Scripting (XSS) in CVE-2024-12972 (CVE-2024-12972)
CVE-2025-55422 In FoxCMS 1.2.6, there is a reflected Cross Site Scripting (XSS) vulnerability in /index.php/plus.
CVE-2025-56432 Cross-Site Scripting (XSS) in nagios (CVE-2025-56432)
CVE-2025-55409 Cross-Site Scripting (XSS) in foxcms (CVE-2025-55409)
CVE-2025-51965 Cross-Site Scripting (XSS) in CVE-2025-51965 (CVE-2025-51965)
CVE-2025-52335 Cross-Site Scripting (XSS) in eyoucms (CVE-2025-52335)
CVE-2025-45313 Cross-Site Scripting (XSS) in hortusfox (CVE-2025-45313)
CVE-2025-45315 Cross-Site Scripting (XSS) in hortusfox (CVE-2025-45315)
CVE-2025-45314 Cross-Site Scripting (XSS) in hortusfox (CVE-2025-45314)
CVE-2025-51629 Cross-Site Scripting (XSS) in CVE-2025-51629 (CVE-2025-51629)
CVE-2024-52680 Cross-Site Scripting (XSS) in c (CVE-2024-52680)
CVE-2025-51053 Cross-Site Scripting (XSS) in vedo-suite-project (CVE-2025-51053)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →