CWE-79 在Web页面生成时对输入的转义处理不恰当(跨站脚本) 类弱点 22584 条 CVE 漏洞汇总,含 AI 中文分析。
CWE-79 即跨站脚本攻击,属于输入验证类漏洞。攻击者通过在网页中注入恶意脚本,利用服务器未正确过滤用户输入的特性,使受害者在浏览器中执行非预期代码,从而窃取会话令牌或篡改页面内容。开发者应避免此类风险,需严格对用户输入进行白名单验证,并在输出到 HTML 时实施上下文相关的编码与转义,确保危险字符被正确中和。
$username = $_GET['username']; echo '<div class="header"> Welcome, ' . $username . '</div>';http://trustedSite.example.com/welcome.php?username=<Script Language="Javascript">alert("You've been attacked!");</Script><% String eid = request.getParameter("eid"); %> ... Employee ID: <%= eid %><% protected System.Web.UI.WebControls.TextBox Login; protected System.Web.UI.WebControls.Label EmployeeID; ... EmployeeID.Text = Login.Text; %> <p><asp:label id="EmployeeID" runat="server" /></p>| CVE ID | 标题 | CVSS | 风险等级 | Published |
|---|---|---|---|---|
| CVE-2022-2691 | Wedding Hall Booking System 跨站脚本漏洞 — Wedding Hall Booking System | 3.5 | Low | 2022-08-06 |
| CVE-2022-2690 | Wedding Hall Booking System 跨站脚本漏洞 — Wedding Hall Booking System | 3.5 | Low | 2022-08-06 |
| CVE-2022-2689 | Wedding Hall Booking System 跨站脚本漏洞 — Wedding Hall Booking System | 3.5 | Low | 2022-08-06 |
| CVE-2022-2686 | Fast Food Ordering System 跨站脚本漏洞 — Fast Food Ordering System | 3.5 | Low | 2022-08-06 |
| CVE-2022-2685 | Interview Management System 跨站脚本漏洞 — Interview Management System | 3.5 | Low | 2022-08-05 |
| CVE-2022-2684 | Apartment Visitor Management System 跨站脚本漏洞 — Apartment Visitor Management System | 3.5 | Low | 2022-08-05 |
| CVE-2022-2683 | Simple Food Ordering System 跨站脚本漏洞 — Simple Food Ordering System | 3.5 | Low | 2022-08-05 |
| CVE-2022-2682 | Alphaware Simple E-Commerce System 跨站脚本漏洞 — Alphaware Simple E-Commerce System | 3.5 | Low | 2022-08-05 |
| CVE-2022-2681 | Online Student Admission System 跨站脚本漏洞 — Online Student Admission System | 3.5 | Low | 2022-08-05 |
| CVE-2021-46678 | Artica Pandora FMS 跨站脚本漏洞 — Pandora FMS | 4.0 | Medium | 2022-08-05 |
| CVE-2021-46680 | Artica Pandora FMS 跨站脚本漏洞 — Pandora FMS | 4.0 | Medium | 2022-08-05 |
| CVE-2021-46677 | Artica Pandora FMS 跨站脚本漏洞 — Pandora FMS | 4.0 | Medium | 2022-08-05 |
| CVE-2021-46676 | Artica Pandora FMS 跨站脚本漏洞 — Pandora FMS | 4.0 | Medium | 2022-08-05 |
| CVE-2021-46679 | Artica Pandora FMS 跨站脚本漏洞 — Pandora FMS | 4.0 | Medium | 2022-08-05 |
| CVE-2021-46681 | Artica Pandora FMS 跨站脚本漏洞 — Pandora FMS | 4.0 | Medium | 2022-08-05 |
| CVE-2022-34768 | Supersmart 安全漏洞 — eHarmony | 6.5 | Medium | 2022-08-05 |
| CVE-2020-1691 | Moodle 跨站脚本漏洞 — Moodle | 5.4 | - | 2022-08-05 |
| CVE-2022-2646 | Online Admission System 跨站脚本漏洞 — Online Admission System | 3.5 | Low | 2022-08-04 |
| CVE-2022-2645 | SourceCodester Garage Management System 跨站脚本漏洞 — Garage Management System | 3.5 | Low | 2022-08-04 |
| CVE-2022-31175 | CKEditor 跨站脚本漏洞 — ckeditor5 | 5.8 | Medium | 2022-08-03 |
| CVE-2022-23733 | GitHub Enterprise Server 跨站脚本漏洞 — GitHub Enterprise Server | 5.4 | - | 2022-08-02 |
| CVE-2022-31192 | Dspace 跨站脚本漏洞 — DSpace | 7.1 | High | 2022-08-01 |
| CVE-2022-31191 | Dspace 跨站脚本漏洞 — DSpace | 7.1 | High | 2022-08-01 |
| CVE-2022-31148 | Shopware 跨站脚本漏洞 — shopware | 5.4 | Medium | 2022-08-01 |
| CVE-2022-31109 | Laminas Project diactoros 环境问题漏洞 — laminas-diactoros | 7.2 | High | 2022-08-01 |
| CVE-2022-2589 | fava 跨站脚本漏洞 — beancount/fava | 6.1 | - | 2022-08-01 |
| CVE-2022-36343 | WordPress plugin Enable SVG, WebP & ICO Upload 跨站脚本漏洞 — Enable SVG, WebP & ICO Upload (WordPress plugin) | 3.4 | Low | 2022-08-01 |
| CVE-2022-2328 | WordPress plugin Flexi Quote Rotator 跨站脚本漏洞 — Flexi Quote Rotator | 4.8 | - | 2022-08-01 |
| CVE-2022-2325 | WordPress plugin Invitation Based Registrations 跨站脚本漏洞 — Invitation Based Registrations | 4.8 | - | 2022-08-01 |
| CVE-2022-2305 | WordPress plugin Popup 跨站脚本漏洞 — Popups – WordPress Popup | 4.8 | - | 2022-08-01 |
CWE-79(在Web页面生成时对输入的转义处理不恰当(跨站脚本)) 是常见的弱点类别,本平台收录该类弱点关联的 22584 条 CVE 漏洞。