Cross-Site Scripting

⚔️ Attack Types Related 27
slug: xss

Explanation

XSSは「Webページの中に、攻撃者の悪意あるJavaScriptを忍び込ませる」攻撃です。 例えば掲示板に `<script>盗む()</script>` のような投稿をして、それを見た他のユーザーのCookie (ログイン情報) を盗む、といった攻撃が典型的です。 対策は「ユーザー入力を画面に出すときに、HTMLとして無害化 (エスケープ) する」こと。多くのフレームワークでは標準で対策されています。
📌 Example
2005年MySpaceワーム「Samy」: 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した有名事件。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,314

ID Title
CVE-2015-7879 Cross-Site Scripting (XSS) in drupal (CVE-2015-7879)
CVE-2017-14239 Cross-Site Scripting (XSS) in c (CVE-2017-14239)
CVE-2017-14241 Cross-Site Scripting (XSS) in dolibarr (CVE-2017-14241)
CVE-2017-14268 Cross-Site Scripting (XSS) in ee (CVE-2017-14268)
CVE-2017-8041 Cross-Site Scripting (XSS) in vmware (CVE-2017-8041)
CVE-2017-11611 Cross-Site Scripting (XSS) in wolfcms (CVE-2017-11611)
CVE-2017-14219 Cross-Site Scripting (XSS) in intelbras (CVE-2017-14219)
CVE-2017-12212 Cross-Site Scripting (XSS) in cisco (CVE-2017-12212)
CVE-2017-12220 Cross-Site Scripting (XSS) in cisco (CVE-2017-12220)
CVE-2017-12221 Cross-Site Scripting (XSS) in cisco (CVE-2017-12221)
CVE-2017-6789 Cross-Site Scripting (XSS) in cisco (CVE-2017-6789)
CVE-2015-3169 Cross-site scripting (XSS) vulnerability in askbot 0.7.51-4.el6.noarch.
CVE-2015-4721 Multiple cross-site scripting (XSS) vulnerabilities in Concrete5 5.7.3.1.
CVE-2015-5060 Cross-site scripting (XSS) vulnerability in anchor-cms before 0.9-dev.
CVE-2015-7672 Cross-Site Scripting (XSS) in centreon (CVE-2015-7672)
CVE-2017-14192 Cross-Site Scripting (XSS) in finecms-project (CVE-2017-14192)
CVE-2017-14193 Cross-Site Scripting (XSS) in finecms-project (CVE-2017-14193)
CVE-2017-14194 Cross-Site Scripting (XSS) in finecms-project (CVE-2017-14194)
CVE-2017-14195 Cross-Site Scripting (XSS) in finecms-project (CVE-2017-14195)
CVE-2017-1098 Cross-Site Scripting (XSS) in ibm (CVE-2017-1098)
CVE-2017-1189 Cross-Site Scripting (XSS) in ibm (CVE-2017-1189)
CVE-2017-1502 Cross-Site Scripting (XSS) in ibm (CVE-2017-1502)
CVE-2017-12416 Cross-Site Scripting (XSS) in paloaltonetworks (CVE-2017-12416)
CVE-2017-12794 Cross-Site Scripting (XSS) in django (CVE-2017-12794)
CVE-2017-12906 Cross-Site Scripting (XSS) in nexusphp-project (CVE-2017-12906)
CVE-2017-13754 Cross-Site Scripting (XSS) in wibu (CVE-2017-13754)
CVE-2015-3162 Cross-Site Scripting (XSS) in beaker-project (CVE-2015-3162)
CVE-2015-3454 Information Disclosure in vulcanjs (CVE-2015-3454)
CVE-2017-1457 Cross-Site Scripting (XSS) in ibm (CVE-2017-1457)
CVE-2017-14126 The Participants Database plugin before 1.7.5.10 for WordPress has XSS.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →