Vulnerabilities > Improper Encoding or Escaping of Output

DATE CVE VULNERABILITY TITLE RISK
2024-06-09 CVE-2024-5585 Improper Encoding or Escaping of Output vulnerability in multiple products
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces.
network
low complexity
php fedoraproject CWE-116
8.8
2024-02-06 CVE-2024-0690 Improper Encoding or Escaping of Output vulnerability in multiple products
An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios.
local
low complexity
redhat fedoraproject CWE-116
5.5
2024-02-03 CVE-2024-1064 Improper Encoding or Escaping of Output vulnerability in Craftycontrol Crafty Controller
A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host header
network
low complexity
craftycontrol CWE-116
7.5
2024-02-02 CVE-2023-47143 Improper Encoding or Escaping of Output vulnerability in IBM Tivoli Application Dependency Discovery Manager
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.
network
low complexity
ibm CWE-116
critical
9.8
2024-01-29 CVE-2024-0987 Improper Encoding or Escaping of Output vulnerability in Kuerp Project Kuerp 1.0.4
A vulnerability classified as critical has been found in Sichuan Yougou Technology KuERP up to 1.0.4.
network
low complexity
kuerp-project CWE-116
critical
9.8
2024-01-24 CVE-2024-22229 Improper Encoding or Escaping of Output vulnerability in Dell products
Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker.
network
low complexity
dell CWE-116
4.3
2024-01-16 CVE-2023-7234 Improper Encoding or Escaping of Output vulnerability in Integrationobjects OPC UA Server Toolkit
OPCUAServerToolkit will write a log message once an OPC UA client has successfully connected containing the client's self-defined description field.
network
low complexity
integrationobjects CWE-116
5.3
2024-01-16 CVE-2023-6005 Improper Encoding or Escaping of Output vulnerability in Myeventon Eventon
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
network
low complexity
myeventon CWE-116
4.8
2024-01-16 CVE-2024-0233 Improper Encoding or Escaping of Output vulnerability in Myeventon Eventon
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not properly sanitise and escape a parameter before outputting it back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
network
low complexity
myeventon CWE-116
6.1
2024-01-11 CVE-2024-22199 Improper Encoding or Escaping of Output vulnerability in Gofiber Django
This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface.
network
low complexity
gofiber CWE-116
6.1