Cross-Site Scripting

⚔️ Attack Types Liées 27
slug: xss

Explication

XSSは「Webページの中に、攻撃者の悪意あるJavaScriptを忍び込ませる」攻撃です。 例えば掲示板に `<script>盗む()</script>` のような投稿をして、それを見た他のユーザーのCookie (ログイン情報) を盗む、といった攻撃が典型的です。 対策は「ユーザー入力を画面に出すときに、HTMLとして無害化 (エスケープ) する」こと。多くのフレームワークでは標準で対策されています。
📌 Exemple
2005年MySpaceワーム「Samy」: 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した有名事件。

🔖 Étiquettes liées

🛡 Vulnérabilités associées 3,314

ID Titre
CVE-2017-14724 Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery.
CVE-2017-14726 XSS (Cross-Site Scripting) dans wordpress (CVE-2017-14726)
CVE-2017-14712 In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter.
CVE-2017-14713 In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Description parameter.
CVE-2017-14714 In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subject parameter.
CVE-2017-14715 In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Alerts Title parameter.
CVE-2017-14716 In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Title parameter.
CVE-2017-14717 In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Description parameter.
CVE-2017-14651 XSS (Cross-Site Scripting) dans wso2 (CVE-2017-14651)
CVE-2017-14321 XSS (Cross-Site Scripting) dans mirasvit (CVE-2017-14321)
CVE-2015-3296 XSS (Cross-Site Scripting) dans nodebb (CVE-2015-3296)
CVE-2015-4706 XSS (Cross-Site Scripting) dans ipython (CVE-2015-4706)
CVE-2017-12248 XSS (Cross-Site Scripting) dans cisco (CVE-2017-12248)
CVE-2017-12254 XSS (Cross-Site Scripting) dans cisco (CVE-2017-12254)
CVE-2017-14621 Portus 2.2.0 has XSS via the Team field, related to typeahead.
CVE-2017-14618 XSS (Cross-Site Scripting) dans phpmyfaq (CVE-2017-14618)
CVE-2017-14619 XSS (Cross-Site Scripting) dans phpmyfaq (CVE-2017-14619)
CVE-2015-7347 Cross-site scripting (XSS) vulnerability in ZCMS JavaServer Pages Content Management System 1.1.
CVE-2014-9758 Cross-site scripting (XSS) vulnerability in Magento E-Commerce Platform 1.9.0.1.
CVE-2015-1866 Cross-site scripting (XSS) vulnerability in Ember.js 1.10.x before 1.10.1 and 1.11.x before 1.11.2.
CVE-2015-4707 XSS (Cross-Site Scripting) dans ipython (CVE-2015-4707)
CVE-2015-4072 XSS (Cross-Site Scripting) dans helpdesk-pro-project (CVE-2015-4072)
CVE-2017-14142 XSS (Cross-Site Scripting) dans kaltura (CVE-2017-14142)
CVE-2014-6191 XSS (Cross-Site Scripting) dans ibm (CVE-2014-6191)
CVE-2015-1864 XSS (Cross-Site Scripting) dans kallithea (CVE-2015-1864)
CVE-2015-3299 XSS (Cross-Site Scripting) dans wordpress (CVE-2015-3299)
CVE-2015-3432 XSS (Cross-Site Scripting) dans pydio (CVE-2015-3432)
CVE-2017-14597 XSS (Cross-Site Scripting) dans afterlogic (CVE-2017-14597)
CVE-2014-6106 CSRF dans csrf (CVE-2014-6106)
CVE-2017-12156 Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback.

🍪 À propos des cookies

Nous utilisons des cookies pour conserver votre session, mémoriser la langue et améliorer le service.

En savoir plus →