Cross-Site Scripting

⚔️ Attack Types Liées 27
slug: xss

Explication

XSSは「Webページの中に、攻撃者の悪意あるJavaScriptを忍び込ませる」攻撃です。 例えば掲示板に `<script>盗む()</script>` のような投稿をして、それを見た他のユーザーのCookie (ログイン情報) を盗む、といった攻撃が典型的です。 対策は「ユーザー入力を画面に出すときに、HTMLとして無害化 (エスケープ) する」こと。多くのフレームワークでは標準で対策されています。
📌 Exemple
2005年MySpaceワーム「Samy」: 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した有名事件。

🔖 Étiquettes liées

🛡 Vulnérabilités associées 3,310

ID Titre
CVE-2026-56072 Unauthenticated Cross Site Scripting (XSS) in WoodMart <= 8.5.3 versions.
CVE-2026-57314 Unauthenticated Cross Site Scripting (XSS) in SureCart <= 4.3.2 versions.
CVE-2026-57313 Subscriber Cross Site Scripting (XSS) in SureCart <= 4.2.2 versions.
CVE-2026-57317 Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.12.2 versions.
CVE-2026-57618 Contributor Cross Site Scripting (XSS) in Neve PRO <= 3.1.2 versions.
CVE-2026-57325 Unauthenticated Cross Site Scripting (XSS) in NanoMag <= 1.8 versions.
CVE-2026-57617 Contributor Cross Site Scripting (XSS) in SeedProd Pro < 6.19.5 versions.
CVE-2026-57322 Unauthenticated Cross Site Scripting (XSS) in weMail <= 2.1.2 versions.
CVE-2026-57319 Unauthenticated Cross Site Scripting (XSS) in FOX <= 1.4.8 versions.
CVE-2026-57431 Author Cross Site Scripting (XSS) in Featured Image <= 2.1 versions.
CVE-2026-57629 Contributor Cross Site Scripting (XSS) in StatCounter <= 2.1.1 versions.
CVE-2026-56039 Unauthenticated Cross Site Scripting (XSS) in Quick Interest Slider <= 3.1.6 versions.
CVE-2026-56044 Unauthenticated Cross Site Scripting (XSS) in Blog2Social <= 8.9.2 versions.
CVE-2026-56047 Unauthenticated Cross Site Scripting (XSS) in perfmatters <= 2.6.3 versions.
CVE-2026-56045 Unauthenticated Cross Site Scripting (XSS) in Automatic < 3.135.1 versions.
CVE-2026-56040 Unauthenticated Cross Site Scripting (XSS) in Gutenverse Form <= 2.4.7 versions.
CVE-2026-56043 Unauthenticated Cross Site Scripting (XSS) in Customer Reviews for WooCommerce <= 5.110.1 versions.
CVE-2026-56046 Subscriber Cross Site Scripting (XSS) in ListingPro <= 2.9.11 versions.
CVE-2026-56041 Unauthenticated Cross Site Scripting (XSS) in Responsive Lightbox <= 2.7.6 versions.
CVE-2026-56011 Unauthenticated Cross Site Scripting (XSS) in MapPress Maps for WordPress <= 2.97.3 versions.
CVE-2025-68074 Contributor Cross Site Scripting (XSS) in Image Carousel <= 1.0.0.41 versions.
CVE-2025-68075 Contributor Cross Site Scripting (XSS) in BNE Testimonials <= 2.0.8 versions.
CVE-2026-57620 XSS (Cross-Site Scripting) dans CVE-2026-57620 (CVE-2026-57620)
CVE-2026-6658 XSS (Cross-Site Scripting) dans CVE-2026-6658 (CVE-2026-6658)
CVE-2026-50740 XSS (Cross-Site Scripting) dans revive-adserver (CVE-2026-50740)
CVE-2026-50742 XSS (Cross-Site Scripting) dans revive-adserver (CVE-2026-50742)
CVE-2026-8661 XSS (Cross-Site Scripting) dans CVE-2026-8661 (CVE-2026-8661)
CVE-2026-13083 XSS (Cross-Site Scripting) dans redhat (CVE-2026-13083)
CVE-2020-37256 XSS (Cross-Site Scripting) dans getgrav (CVE-2020-37256)
CVE-2026-9086 XSS (Cross-Site Scripting) dans redhat (CVE-2026-9086)

🍪 À propos des cookies

Nous utilisons des cookies pour conserver votre session, mémoriser la langue et améliorer le service.

En savoir plus →