Cross-Site Scripting

⚔️ Attack Types Related 27
slug: xss

Explanation

XSSは「Webページの中に、攻撃者の悪意あるJavaScriptを忍び込ませる」攻撃です。 例えば掲示板に `<script>盗む()</script>` のような投稿をして、それを見た他のユーザーのCookie (ログイン情報) を盗む、といった攻撃が典型的です。 対策は「ユーザー入力を画面に出すときに、HTMLとして無害化 (エスケープ) する」こと。多くのフレームワークでは標準で対策されています。
📌 Example
2005年MySpaceワーム「Samy」: 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した有名事件。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,314

ID Title
CVE-2017-7296 Cross-Site Scripting (XSS) in contiki-os (CVE-2017-7296)
CVE-2017-3129 Cross-Site Scripting (XSS) in fortinet (CVE-2017-3129)
CVE-2017-7339 Cross-Site Scripting (XSS) in fortinet (CVE-2017-7339)
CVE-2017-1291 Cross-Site Scripting (XSS) in ibm (CVE-2017-1291)
CVE-2017-1325 Cross-Site Scripting (XSS) in ibm (CVE-2017-1325)
CVE-2017-9037 Cross-Site Scripting (XSS) in trendmicro (CVE-2017-9037)
CVE-2017-9032 Cross-Site Scripting (XSS) in trendmicro (CVE-2017-9032)
CVE-2016-0781 Cross-Site Scripting (XSS) in cloudfoundry (CVE-2016-0781)
CVE-2017-3128 Cross-Site Scripting (XSS) in fortinet (CVE-2017-3128)
CVE-2017-7288 Cross-Site Scripting (XSS) in synacor (CVE-2017-7288)
CVE-2015-8477 Cross-Site Scripting (XSS) in redmine (CVE-2015-8477)
CVE-2017-5870 Cross-Site Scripting (XSS) in vimbadmin (CVE-2017-5870)
CVE-2015-5381 Cross-Site Scripting (XSS) in roundcube (CVE-2015-5381)
CVE-2017-1282 Cross-Site Scripting (XSS) in ibm (CVE-2017-1282)
CVE-2017-1320 Cross-Site Scripting (XSS) in ibm (CVE-2017-1320)
CVE-2016-4903 Cross-Site Scripting (XSS) in wordpress (CVE-2016-4903)
CVE-2017-2168 Cross-Site Scripting (XSS) in wpbookingsystem (CVE-2017-2168)
CVE-2017-2169 Cross-Site Scripting (XSS) in maxbuttons-project (CVE-2017-2169)
CVE-2017-2171 Cross-Site Scripting (XSS) in bestwebsoft (CVE-2017-2171)
CVE-2017-2173 Cross-Site Scripting (XSS) in ipa (CVE-2017-2173)
CVE-2017-2174 Cross-Site Scripting (XSS) in ipa (CVE-2017-2174)
CVE-2017-9140 Cross-Site Scripting (XSS) in csharp (CVE-2017-9140)
CVE-2017-2549 Cross-Site Scripting (XSS) in apple (CVE-2017-2549)
CVE-2017-2528 Cross-Site Scripting (XSS) in apple (CVE-2017-2528)
CVE-2017-2504 Cross-Site Scripting (XSS) in apple (CVE-2017-2504)
CVE-2017-2508 Cross-Site Scripting (XSS) in apple (CVE-2017-2508)
CVE-2017-2510 Cross-Site Scripting (XSS) in apple (CVE-2017-2510)
CVE-2017-6654 Cross-Site Scripting (XSS) in cisco (CVE-2017-6654)
CVE-2017-4978 Cross-Site Scripting (XSS) in rsa (CVE-2017-4978)
CVE-2017-9072 Cross-Site Scripting (XSS) in calendarxp (CVE-2017-9072)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →