Cross-Site Scripting

⚔️ Attack Types Related 27
slug: xss

Explanation

XSSは「Webページの中に、攻撃者の悪意あるJavaScriptを忍び込ませる」攻撃です。 例えば掲示板に `<script>盗む()</script>` のような投稿をして、それを見た他のユーザーのCookie (ログイン情報) を盗む、といった攻撃が典型的です。 対策は「ユーザー入力を画面に出すときに、HTMLとして無害化 (エスケープ) する」こと。多くのフレームワークでは標準で対策されています。
📌 Example
2005年MySpaceワーム「Samy」: 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した有名事件。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,310

ID Title
CVE-2026-56072 Unauthenticated Cross Site Scripting (XSS) in WoodMart <= 8.5.3 versions.
CVE-2026-57314 Unauthenticated Cross Site Scripting (XSS) in SureCart <= 4.3.2 versions.
CVE-2026-57313 Subscriber Cross Site Scripting (XSS) in SureCart <= 4.2.2 versions.
CVE-2026-57317 Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.12.2 versions.
CVE-2026-57618 Contributor Cross Site Scripting (XSS) in Neve PRO <= 3.1.2 versions.
CVE-2026-57325 Unauthenticated Cross Site Scripting (XSS) in NanoMag <= 1.8 versions.
CVE-2026-57617 Contributor Cross Site Scripting (XSS) in SeedProd Pro < 6.19.5 versions.
CVE-2026-57322 Unauthenticated Cross Site Scripting (XSS) in weMail <= 2.1.2 versions.
CVE-2026-57319 Unauthenticated Cross Site Scripting (XSS) in FOX <= 1.4.8 versions.
CVE-2026-57431 Author Cross Site Scripting (XSS) in Featured Image <= 2.1 versions.
CVE-2026-57629 Contributor Cross Site Scripting (XSS) in StatCounter <= 2.1.1 versions.
CVE-2026-56039 Unauthenticated Cross Site Scripting (XSS) in Quick Interest Slider <= 3.1.6 versions.
CVE-2026-56044 Unauthenticated Cross Site Scripting (XSS) in Blog2Social <= 8.9.2 versions.
CVE-2026-56047 Unauthenticated Cross Site Scripting (XSS) in perfmatters <= 2.6.3 versions.
CVE-2026-56045 Unauthenticated Cross Site Scripting (XSS) in Automatic < 3.135.1 versions.
CVE-2026-56040 Unauthenticated Cross Site Scripting (XSS) in Gutenverse Form <= 2.4.7 versions.
CVE-2026-56043 Unauthenticated Cross Site Scripting (XSS) in Customer Reviews for WooCommerce <= 5.110.1 versions.
CVE-2026-56046 Subscriber Cross Site Scripting (XSS) in ListingPro <= 2.9.11 versions.
CVE-2026-56041 Unauthenticated Cross Site Scripting (XSS) in Responsive Lightbox <= 2.7.6 versions.
CVE-2026-56011 Unauthenticated Cross Site Scripting (XSS) in MapPress Maps for WordPress <= 2.97.3 versions.
CVE-2025-68074 Contributor Cross Site Scripting (XSS) in Image Carousel <= 1.0.0.41 versions.
CVE-2025-68075 Contributor Cross Site Scripting (XSS) in BNE Testimonials <= 2.0.8 versions.
CVE-2026-57620 Cross-Site Scripting (XSS) in CVE-2026-57620 (CVE-2026-57620)
CVE-2026-6658 Cross-Site Scripting (XSS) in CVE-2026-6658 (CVE-2026-6658)
CVE-2026-50740 Cross-Site Scripting (XSS) in revive-adserver (CVE-2026-50740)
CVE-2026-50742 Cross-Site Scripting (XSS) in revive-adserver (CVE-2026-50742)
CVE-2026-8661 Cross-Site Scripting (XSS) in CVE-2026-8661 (CVE-2026-8661)
CVE-2026-13083 Cross-Site Scripting (XSS) in redhat (CVE-2026-13083)
CVE-2020-37256 Cross-Site Scripting (XSS) in getgrav (CVE-2020-37256)
CVE-2026-9086 Cross-Site Scripting (XSS) in redhat (CVE-2026-9086)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →