Cross-Site Scripting

⚔️ Attack Types Related 27
slug: xss

Explanation

XSSは「Webページの中に、攻撃者の悪意あるJavaScriptを忍び込ませる」攻撃です。 例えば掲示板に `<script>盗む()</script>` のような投稿をして、それを見た他のユーザーのCookie (ログイン情報) を盗む、といった攻撃が典型的です。 対策は「ユーザー入力を画面に出すときに、HTMLとして無害化 (エスケープ) する」こと。多くのフレームワークでは標準で対策されています。
📌 Example
2005年MySpaceワーム「Samy」: 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した有名事件。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,310

ID Title
CVE-2016-5932 Cross-Site Scripting (XSS) in ibm (CVE-2016-5932)
CVE-2016-8232 Cross-Site Scripting (XSS) in ibm (CVE-2016-8232)
CVE-2016-9259 Cross-Site Scripting (XSS) in tenable (CVE-2016-9259)
CVE-2016-9261 Cross-Site Scripting (XSS) in tenable (CVE-2016-9261)
CVE-2017-2683 Cross-Site Scripting (XSS) in siemens (CVE-2017-2683)
CVE-2017-6099 Cross-Site Scripting (XSS) in paypal (CVE-2017-6099)
CVE-2014-9916 Cross-Site Scripting (XSS) in bilboplanet (CVE-2014-9916)
CVE-2016-5883 Cross-Site Scripting (XSS) in ibm (CVE-2016-5883)
CVE-2016-6055 Cross-Site Scripting (XSS) in ibm (CVE-2016-6055)
CVE-2016-9909 Cross-Site Scripting (XSS) in html5lib (CVE-2016-9909)
CVE-2016-9910 Cross-Site Scripting (XSS) in html5lib (CVE-2016-9910)
CVE-2017-3821 Cross-Site Scripting (XSS) in cisco (CVE-2017-3821)
CVE-2017-3828 Cross-Site Scripting (XSS) in cisco (CVE-2017-3828)
CVE-2017-3829 Cross-Site Scripting (XSS) in cisco (CVE-2017-3829)
CVE-2017-3833 Cross-Site Scripting (XSS) in cisco (CVE-2017-3833)
CVE-2017-3838 Cross-Site Scripting (XSS) in cisco (CVE-2017-3838)
CVE-2017-3845 Cross-Site Scripting (XSS) in cisco (CVE-2017-3845)
CVE-2017-3847 Cross-Site Scripting (XSS) in cisco (CVE-2017-3847)
CVE-2016-9316 Cross-Site Scripting (XSS) in trendmicro (CVE-2016-9316)
CVE-2017-2361 Cross-Site Scripting (XSS) in apple (CVE-2017-2361)
CVE-2016-7762 Cross-Site Scripting (XSS) in apple (CVE-2016-7762)
CVE-2016-7111 Cross-Site Scripting (XSS) in mantisbt (CVE-2016-7111)
CVE-2014-9905 Cross-Site Scripting (XSS) in alinto (CVE-2014-9905)
CVE-2016-5364 Cross-Site Scripting (XSS) in mantisbt (CVE-2016-5364)
CVE-2016-6191 Cross-Site Scripting (XSS) in alinto (CVE-2016-6191)
CVE-2017-5998 Cross-Site Scripting (XSS) in intersect-alliance (CVE-2017-5998)
CVE-2016-9139 Cross-Site Scripting (XSS) in otrs (CVE-2016-9139)
CVE-2016-4316 Cross-Site Scripting (XSS) in wso2 (CVE-2016-4316)
CVE-2016-4327 Cross-Site Scripting (XSS) in wso2 (CVE-2016-4327)
CVE-2016-6062 Cross-Site Scripting (XSS) in ibm (CVE-2016-6062)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →