Cross-Site Scripting

⚔️ Attack Types Related 27
slug: xss

Explanation

XSSは「Webページの中に、攻撃者の悪意あるJavaScriptを忍び込ませる」攻撃です。 例えば掲示板に `<script>盗む()</script>` のような投稿をして、それを見た他のユーザーのCookie (ログイン情報) を盗む、といった攻撃が典型的です。 対策は「ユーザー入力を画面に出すときに、HTMLとして無害化 (エスケープ) する」こと。多くのフレームワークでは標準で対策されています。
📌 Example
2005年MySpaceワーム「Samy」: 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した有名事件。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,314

ID Title
CVE-2017-10838 Cross-Site Scripting (XSS) in seopanel (CVE-2017-10838)
CVE-2017-10840 Cross-Site Scripting (XSS) in webcalendar-project (CVE-2017-10840)
CVE-2017-2255 Cross-Site Scripting (XSS) in cybozu (CVE-2017-2255)
CVE-2017-2256 Cross-Site Scripting (XSS) in cybozu (CVE-2017-2256)
CVE-2017-2257 Cross-Site Scripting (XSS) in cybozu (CVE-2017-2257)
CVE-2016-9732 Cross-Site Scripting (XSS) in ibm (CVE-2016-9732)
CVE-2017-9979 Cross-Site Scripting (XSS) in osnexus (CVE-2017-9979)
CVE-2013-7430 Cross-Site Scripting (XSS) in mapsplugin (CVE-2013-7430)
CVE-2015-1177 Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.2.
CVE-2015-2046 Cross-site scripting (XSS) vulnerability in MantisBT 1.2.13 and later before 1.2.20.
CVE-2015-3976 Cross-Site Scripting (XSS) in ge (CVE-2015-3976)
CVE-2014-0141 Cross-site scripting (XSS) vulnerability in Red Hat Satellite 6.0.3.
CVE-2014-4925 Cross-site scripting (XSS) vulnerability in Good for Enterprise for Android 2.8.0.398 and 1.9.0.40.
CVE-2014-8753 Multiple cross-site scripting (XSS) vulnerabilities in Cit-e-Net Cit-e-Access 6.
CVE-2014-9469 Cross-Site Scripting (XSS) in vbulletin (CVE-2014-9469)
CVE-2014-9514 Cross-site scripting (XSS) vulnerability in BMC Footprints Service Core 11.5.
CVE-2014-9557 Multiple cross-site scripting (XSS) vulnerabilities in SmartCMS v.2.
CVE-2015-0101 Cross-Site Scripting (XSS) in express (CVE-2015-0101)
CVE-2014-9564 Vulnerability in ibm (CVE-2014-9564)
CVE-2015-3257 Cross-Site Scripting (XSS) in zend (CVE-2015-3257)
CVE-2017-13697 controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the dirname variable.
CVE-2015-4699 Cross-Site Scripting (XSS) in cloud4wi (CVE-2015-4699)
CVE-2017-12879 Cross-Site Scripting (XSS) in paessler (CVE-2017-12879)
CVE-2017-13671 Cross-Site Scripting (XSS) in misp (CVE-2017-13671)
CVE-2017-9555 Cross-Site Scripting (XSS) in synology (CVE-2017-9555)
CVE-2017-9507 Cross-Site Scripting (XSS) in atlassian (CVE-2017-9507)
CVE-2017-9508 Cross-Site Scripting (XSS) in atlassian (CVE-2017-9508)
CVE-2017-9509 Cross-Site Scripting (XSS) in atlassian (CVE-2017-9509)
CVE-2017-9510 Cross-Site Scripting (XSS) in atlassian (CVE-2017-9510)
CVE-2017-9506 SSRF (Server-Side Request Forgery) in ssrf (CVE-2017-9506)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →