Cross-Site Scripting

⚔️ Attack Types Related 27
slug: xss

Explanation

XSSは「Webページの中に、攻撃者の悪意あるJavaScriptを忍び込ませる」攻撃です。 例えば掲示板に `<script>盗む()</script>` のような投稿をして、それを見た他のユーザーのCookie (ログイン情報) を盗む、といった攻撃が典型的です。 対策は「ユーザー入力を画面に出すときに、HTMLとして無害化 (エスケープ) する」こと。多くのフレームワークでは標準で対策されています。
📌 Example
2005年MySpaceワーム「Samy」: 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した有名事件。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,314

ID Title
CVE-2017-2336 Cross-Site Scripting (XSS) in juniper (CVE-2017-2336)
CVE-2017-1000065 Cross-Site Scripting (XSS) in openmediavault (CVE-2017-1000065)
CVE-2017-1000078 Linux foundation ONOS 1.9 is vulnerable to XSS in the device. registration
CVE-2017-1000033 Cross-Site Scripting (XSS) in wordpress (CVE-2017-1000033)
CVE-2017-1000035 Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack
CVE-2017-1000038 Cross-Site Scripting (XSS) in wordpress (CVE-2017-1000038)
CVE-2017-1000051 Cross-Site Scripting (XSS) in xwiki (CVE-2017-1000051)
CVE-2017-1000054 Cross-Site Scripting (XSS) in rocketchat (CVE-2017-1000054)
CVE-2017-1000058 Cross-Site Scripting (XSS) in chevereto (CVE-2017-1000058)
CVE-2017-1000059 Cross-Site Scripting (XSS) in livehelperchat (CVE-2017-1000059)
CVE-2017-1000063 Cross-Site Scripting (XSS) in kitto-project (CVE-2017-1000063)
CVE-2017-1000005 Cross-Site Scripting (XSS) in phpminiadmin-project (CVE-2017-1000005)
CVE-2017-1000006 Plotly, Inc. plotly.js versions prior to 1.16.0 are vulnerable to an XSS issue.
CVE-2017-1000011 Cross-Site Scripting (XSS) in mywebsql (CVE-2017-1000011)
CVE-2017-1000012 Cross-Site Scripting (XSS) in mysqldumper (CVE-2017-1000012)
CVE-2017-1000023 Cross-Site Scripting (XSS) in logicaldoc (CVE-2017-1000023)
CVE-2017-1000032 Cross-Site Scripting (XSS) in cacti (CVE-2017-1000032)
CVE-2016-6019 Cross-Site Scripting (XSS) in ibm (CVE-2016-6019)
CVE-2016-8952 Cross-Site Scripting (XSS) in ibm (CVE-2016-8952)
CVE-2017-11198 Cross-Site Scripting (XSS) in finecms-project (CVE-2017-11198)
CVE-2017-11201 Cross-Site Scripting (XSS) in finecms-project (CVE-2017-11201)
CVE-2017-11202 Cross-Site Scripting (XSS) in finecms-project (CVE-2017-11202)
CVE-2017-11194 Cross-Site Scripting (XSS) in pulsesecure (CVE-2017-11194)
CVE-2017-11195 Cross-Site Scripting (XSS) in pulsesecure (CVE-2017-11195)
CVE-2016-6114 Cross-Site Scripting (XSS) in ibm (CVE-2016-6114)
CVE-2016-8946 Cross-Site Scripting (XSS) in ibm (CVE-2016-8946)
CVE-2016-8948 Cross-Site Scripting (XSS) in ibm (CVE-2016-8948)
CVE-2016-8950 Cross-Site Scripting (XSS) in ibm (CVE-2016-8950)
CVE-2017-1321 Cross-Site Scripting (XSS) in ibm (CVE-2017-1321)
CVE-2017-11179 Cross-Site Scripting (XSS) in finecms-project (CVE-2017-11179)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →