Cross-Site Scripting

⚔️ Attack Types Related 27
slug: xss

Explanation

XSSは「Webページの中に、攻撃者の悪意あるJavaScriptを忍び込ませる」攻撃です。 例えば掲示板に `<script>盗む()</script>` のような投稿をして、それを見た他のユーザーのCookie (ログイン情報) を盗む、といった攻撃が典型的です。 対策は「ユーザー入力を画面に出すときに、HTMLとして無害化 (エスケープ) する」こと。多くのフレームワークでは標準で対策されています。
📌 Example
2005年MySpaceワーム「Samy」: 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した有名事件。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,314

ID Title
CVE-2026-13443 Cross-Site Scripting (XSS) in wordpress (CVE-2026-13443)
CVE-2026-13015 Cross-Site Scripting (XSS) in wordpress (CVE-2026-13015)
CVE-2026-56356 Cross-Site Scripting (XSS) in n8n (CVE-2026-56356)
CVE-2026-50040 Cross-Site Scripting (XSS) in CVE-2026-50040 (CVE-2026-50040)
CVE-2026-28322 Vulnerability in CVE-2026-28322 (CVE-2026-28322)
CVE-2026-10585 Cross-Site Scripting (XSS) in c (CVE-2026-10585)
CVE-2025-36323 Cross-Site Scripting (XSS) in ibm (CVE-2025-36323)
CVE-2026-11594 Cross-Site Scripting (XSS) in ibm (CVE-2026-11594)
CVE-2026-11712 Cross-Site Scripting (XSS) in ibm (CVE-2026-11712)
CVE-2025-36320 Cross-Site Scripting (XSS) in ibm (CVE-2025-36320)
CVE-2026-11708 Cross-Site Scripting (XSS) in ibm (CVE-2026-11708)
CVE-2026-10513 Cross-Site Scripting (XSS) in wordpress (CVE-2026-10513)
CVE-2026-48307 Cross-Site Scripting (XSS) in adobe (CVE-2026-48307)
CVE-2026-8403 Cross-Site Scripting (XSS) in CVE-2026-8403 (CVE-2026-8403)
CVE-2026-52760 Cross-Site Scripting (XSS) in apache (CVE-2026-52760)
CVE-2026-6954 Cross-Site Scripting (XSS) in CVE-2026-6954 (CVE-2026-6954)
CVE-2026-8141 Cross-Site Scripting (XSS) in wordpress (CVE-2026-8141)
CVE-2026-11589 Vulnerability in wordpress (CVE-2026-11589)
CVE-2026-56809 Cross-Site Scripting (XSS) in jvn (CVE-2026-56809)
CVE-2026-12560 Cross-Site Scripting (XSS) in wordpress (CVE-2026-12560)
CVE-2026-12114 Cross-Site Scripting (XSS) in wordpress (CVE-2026-12114)
CVE-2026-50229 Vulnerability in apache (CVE-2026-50229)
CVE-2026-54889 Cross-Site Scripting (XSS) in CVE-2026-54889 (CVE-2026-54889)
CVE-2026-53427 Cross-Site Scripting (XSS) in CVE-2026-53427 (CVE-2026-53427)
CVE-2026-57958 Cross-Site Scripting (XSS) in laravel (CVE-2026-57958)
CVE-2026-57948 Vulnerability in CVE-2026-57948 (CVE-2026-57948)
CVE-2026-57320 Unauthenticated Cross Site Scripting (XSS) in BEAR <= 1.1.8 versions.
CVE-2026-57333 Unauthenticated Cross Site Scripting (XSS) in Link Whisper Free <= 0.9.4 versions.
CVE-2026-57337 Unauthenticated Cross Site Scripting (XSS) in Landing Page Builder <= 1.5.3.5 versions.
CVE-2026-57326 Unauthenticated Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →