Cross-Site Scripting

⚔️ Attack Types Related 27
slug: xss

Explanation

XSSは「Webページの中に、攻撃者の悪意あるJavaScriptを忍び込ませる」攻撃です。 例えば掲示板に `<script>盗む()</script>` のような投稿をして、それを見た他のユーザーのCookie (ログイン情報) を盗む、といった攻撃が典型的です。 対策は「ユーザー入力を画面に出すときに、HTMLとして無害化 (エスケープ) する」こと。多くのフレームワークでは標準で対策されています。
📌 Example
2005年MySpaceワーム「Samy」: 1人の投稿が見るだけで他人のプロフィールにコピーされ、24時間で100万人に感染した有名事件。

🔖 Related tags

🛡 Vulnerabilities tagged with this 3,310

ID Title
CVE-2016-8968 Cross-Site Scripting (XSS) in ibm (CVE-2016-8968)
CVE-2017-2969 Cross-Site Scripting (XSS) in adobe (CVE-2017-2969)
CVE-2017-1121 Cross-Site Scripting (XSS) in ibm (CVE-2017-1121)
CVE-2016-9371 Cross-Site Scripting (XSS) in moxa (CVE-2016-9371)
CVE-2017-5157 Cross-Site Scripting (XSS) in schneider-electric (CVE-2017-5157)
CVE-2017-5164 Cross-Site Scripting (XSS) in binom3 (CVE-2017-5164)
CVE-2016-2274 Cross-Site Scripting (XSS) in adcon-telemetry (CVE-2016-2274)
CVE-2016-5811 Cross-Site Scripting (XSS) in visonic (CVE-2016-5811)
CVE-2016-8356 Cross-Site Scripting (XSS) in kabona-ab (CVE-2016-8356)
CVE-2016-8359 Cross-Site Scripting (XSS) in moxa (CVE-2016-8359)
CVE-2014-9760 Cross-Site Scripting (XSS) in gosa-project (CVE-2014-9760)
CVE-2017-3902 Cross-Site Scripting (XSS) in mcafee (CVE-2017-3902)
CVE-2017-5942 Cross-Site Scripting (XSS) in wordpress (CVE-2017-5942)
CVE-2016-4988 Cross-Site Scripting (XSS) in jenkins (CVE-2016-4988)
CVE-2015-8831 Cross-Site Scripting (XSS) in dotclear (CVE-2015-8831)
CVE-2015-8936 Cross-Site Scripting (XSS) in squidguard (CVE-2015-8936)
CVE-2016-3101 Cross-Site Scripting (XSS) in jenkins (CVE-2016-3101)
CVE-2016-0305 Cross-Site Scripting (XSS) in ibm (CVE-2016-0305)
CVE-2016-5902 Cross-Site Scripting (XSS) in ibm (CVE-2016-5902)
CVE-2016-6032 Cross-Site Scripting (XSS) in ibm (CVE-2016-6032)
CVE-2017-1127 Cross-Site Scripting (XSS) in ibm (CVE-2017-1127)
CVE-2017-1128 Cross-Site Scripting (XSS) in ibm (CVE-2017-1128)
CVE-2016-6096 Cross-Site Scripting (XSS) in ibm (CVE-2016-6096)
CVE-2017-5367 Cross-Site Scripting (XSS) in zoneminder (CVE-2017-5367)
CVE-2017-5875 Cross-Site Scripting (XSS) in dotcms (CVE-2017-5875)
CVE-2017-5876 Cross-Site Scripting (XSS) in dotcms (CVE-2017-5876)
CVE-2017-5877 Cross-Site Scripting (XSS) in dotcms (CVE-2017-5877)
CVE-2017-5882 Cross-Site Scripting (XSS) in sanadata (CVE-2017-5882)
CVE-2016-7147 Cross-Site Scripting (XSS) in plone (CVE-2016-7147)
CVE-2016-0919 Cross-Site Scripting (XSS) in rsa (CVE-2016-0919)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →