Vulnerabilities > Improper Encoding or Escaping of Output
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-23 | CVE-2022-29599 | Improper Encoding or Escaping of Output vulnerability in multiple products In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks. | 9.8 |
| 2022-05-19 | CVE-2022-28960 | Improper Encoding or Escaping of Output vulnerability in Spip A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire. | 8.8 |
| 2022-05-17 | CVE-2022-30966 | Improper Encoding or Escaping of Output vulnerability in Jenkins Random String Parameter 1.0 Jenkins Random String Parameter Plugin 1.0 and earlier does not escape the name and description of Random String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 |
| 2022-05-16 | CVE-2021-23266 | Improper Encoding or Escaping of Output vulnerability in Craftercms Crafter CMS An anonymous user can craft a URL with text that ends up in the log viewer as is. | 4.3 |
| 2022-05-16 | CVE-2022-30781 | Improper Encoding or Escaping of Output vulnerability in Gitea Gitea before 1.16.7 does not escape git fetch remote. | 7.5 |
| 2022-05-06 | CVE-2021-39027 | Improper Encoding or Escaping of Output vulnerability in IBM Guardium Data Encryption 4.0.0.0/5.0.0.0 IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. | 5.0 |
| 2022-05-03 | CVE-2021-29854 | Improper Encoding or Escaping of Output vulnerability in IBM Maximo Application Suite and Maximo Asset Management IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 7.2 |
| 2022-04-07 | CVE-2022-0935 | Improper Encoding or Escaping of Output vulnerability in Livehelperchat Live Helper Chat Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97. | 8.8 |
| 2022-04-01 | CVE-2022-0741 | Improper Encoding or Escaping of Output vulnerability in Gitlab Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses. | 7.5 |
| 2022-03-28 | CVE-2022-0450 | Improper Encoding or Escaping of Output vulnerability in Freshlightlab Menu Image, Icons Made Easy The Menu Image, Icons made easy WordPress plugin before 3.0.6 does not have authorisation and CSRF checks when saving menu settings, and does not validate, sanitise and escape them. | 5.4 |