Cross-Site Scripting

⚔️ Attack Types Related 27
slug: xss

Explanation

XSSは「Webページの中に、攻撃者の悪意あるJavaScriptを忍び込ませる」攻撃です。 例えば掲示板に `<script>盗む()</script>` のような投稿をして、それを見た他のユーザーのCookie (ログイン情報) を盗む、といった攻撃が典型的です。 対策は「ユーザー入力を画面に出すときに、HTMLとして無害化 (エスケープ) する」こと。多くのフレームワークでは標準で対策されています。
📌 Example
2005年MySpaceワーム「Samy」: 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した有名事件。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,314

ID Title
CVE-2017-17958 PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the my_wishlist.php fid parameter.
CVE-2017-15892 Cross-Site Scripting (XSS) in synology (CVE-2017-15892)
CVE-2017-17937 Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search.
CVE-2017-17938 PHP Scripts Mall Single Theater Booking has XSS via the admin/viewtheatre.php theatreid parameter.
CVE-2017-17940 PHP Scripts Mall Single Theater Booking has XSS via the title parameter to admin/sitesettings.php.
CVE-2015-7324 Cross-Site Scripting (XSS) in stackideas (CVE-2015-7324)
CVE-2015-7666 Cross-Site Scripting (XSS) in wordpress (CVE-2015-7666)
CVE-2015-7667 Cross-Site Scripting (XSS) in wordpress (CVE-2015-7667)
CVE-2015-7668 Cross-Site Scripting (XSS) in wordpress (CVE-2015-7668)
CVE-2017-16768 Cross-Site Scripting (XSS) in synology (CVE-2017-16768)
CVE-2017-17904 Cross-Site Scripting (XSS) in fortunescripts (CVE-2017-17904)
CVE-2017-17907 Cross-Site Scripting (XSS) in car-rental-script-project (CVE-2017-17907)
CVE-2017-17909 PHP Scripts Mall Responsive Realestate Script has XSS via the admin/general.php gplus parameter.
CVE-2017-17911 Cross-Site Scripting (XSS) in archon (CVE-2017-17911)
CVE-2017-17925 Cross-Site Scripting (XSS) in ordermanagementscript (CVE-2017-17925)
CVE-2017-17929 PHP Scripts Mall Professional Service Script has XSS via the admin/bannerview.php view parameter.
CVE-2017-17893 Cross-Site Scripting (XSS) in readymade-video-sharing-script-project (CVE-2017-17893)
CVE-2017-17896 Readymade Job Site Script has XSS via the keyword parameter to the /job URI.
CVE-2017-17868 Cross-Site Scripting (XSS) in liferay (CVE-2017-17868)
CVE-2017-17869 The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter.
CVE-2017-17832 Cross-Site Scripting (XSS) in serverscheck (CVE-2017-17832)
CVE-2017-1365 Cross-Site Scripting (XSS) in ibm (CVE-2017-1365)
CVE-2017-15312 Cross-Site Scripting (XSS) in huawei (CVE-2017-15312)
CVE-2017-14363 Cross-Site Scripting (XSS) in microfocus (CVE-2017-14363)
CVE-2017-17828 Cross-Site Scripting (XSS) in doditsolutions (CVE-2017-17828)
CVE-2017-17825 Cross-Site Scripting (XSS) in piwigo (CVE-2017-17825)
CVE-2017-17826 Cross-Site Scripting (XSS) in piwigo (CVE-2017-17826)
CVE-2011-4955 Cross-Site Scripting (XSS) in wordpress (CVE-2011-4955)
CVE-2017-5256 Cross-Site Scripting (XSS) in cambiumnetworks (CVE-2017-5256)
CVE-2017-5257 Cross-Site Scripting (XSS) in cambiumnetworks (CVE-2017-5257)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →