Cross-Site Scripting

⚔️ Attack Types Related 27
slug: xss

Explanation

XSSは「Webページの中に、攻撃者の悪意あるJavaScriptを忍び込ませる」攻撃です。 例えば掲示板に `<script>盗む()</script>` のような投稿をして、それを見た他のユーザーのCookie (ログイン情報) を盗む、といった攻撃が典型的です。 対策は「ユーザー入力を画面に出すときに、HTMLとして無害化 (エスケープ) する」こと。多くのフレームワークでは標準で対策されています。
📌 Example
2005年MySpaceワーム「Samy」: 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した有名事件。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,314

ID Title
CVE-2020-23450 Cross-Site Scripting (XSS) in spiceworks (CVE-2020-23450)
CVE-2020-13153 Cross-Site Scripting (XSS) in misp-project (CVE-2020-13153)
CVE-2019-11814 Cross-Site Scripting (XSS) in misp-project (CVE-2019-11814)
CVE-2019-11813 Cross-Site Scripting (XSS) in misp-project (CVE-2019-11813)
CVE-2019-11812 Cross-Site Scripting (XSS) in misp-project (CVE-2019-11812)
CVE-2022-29005 Cross-Site Scripting (XSS) in phpgurukul (CVE-2022-29005)
CVE-2022-29004 Cross-Site Scripting (XSS) in phpgurukul (CVE-2022-29004)
CVE-2022-0900 Cross-Site Scripting (XSS) in netdatasoft (CVE-2022-0900)
CVE-2018-7795 Cross-Site Scripting (XSS) in schneider-electric (CVE-2018-7795)
CVE-2020-22985 Cross-Site Scripting (XSS) in microstrategy (CVE-2020-22985)
CVE-2020-22987 Cross-Site Scripting (XSS) in microstrategy (CVE-2020-22987)
CVE-2020-22986 Cross-Site Scripting (XSS) in microstrategy (CVE-2020-22986)
CVE-2020-22984 Cross-Site Scripting (XSS) in microstrategy (CVE-2020-22984)
CVE-2022-28077 Cross-Site Scripting (XSS) in home-owners-collection-management-system-project (CVE-2022-28077)
CVE-2022-28078 Cross-Site Scripting (XSS) in home-owners-collection-management-system-project (CVE-2022-28078)
CVE-2021-43712 Cross-Site Scripting (XSS) in employee-daily-task-management-system-project (CVE-2021-43712)
CVE-2021-31673 Cross-Site Scripting (XSS) in cyclos (CVE-2021-31673)
CVE-2022-28102 Cross-Site Scripting (XSS) in php-mysql-admin-panel-generator-project (CVE-2022-28102)
CVE-2022-26597 Cross-Site Scripting (XSS) in liferay (CVE-2022-26597)
CVE-2022-26596 Cross-Site Scripting (XSS) in liferay (CVE-2022-26596)
CVE-2022-28094 Cross-Site Scripting (XSS) in online-sports-complex-booking-system-project (CVE-2022-28094)
CVE-2022-29529 An issue was discovered in MISP before 2.4.158. There is stored XSS via the LinOTP login field.
CVE-2022-29530 An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters.
CVE-2022-29532 Cross-Site Scripting (XSS) in misp-project (CVE-2022-29532)
CVE-2022-29533 Cross-Site Scripting (XSS) in misp-project (CVE-2022-29533)
CVE-2022-29531 Cross-Site Scripting (XSS) in misp-project (CVE-2022-29531)
CVE-2022-26593 Cross-Site Scripting (XSS) in liferay (CVE-2022-26593)
CVE-2022-26594 Cross-Site Scripting (XSS) in liferay (CVE-2022-26594)
CVE-2021-43432 Cross-Site Scripting (XSS) in exrick (CVE-2021-43432)
CVE-2021-42868 Cross-Site Scripting (XSS) in chikitsa (CVE-2021-42868)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →