Vulnerabilities > Improper Encoding or Escaping of Output

DATE CVE VULNERABILITY TITLE RISK
2022-03-14 CVE-2022-22734 Improper Encoding or Escaping of Output vulnerability in Sedlex Simple Quotation 1.3.2
The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF check when creating or editing a quote and does not sanitise and escape Quotes.
network
low complexity
sedlex CWE-116
6.1
2022-03-11 CVE-2022-22151 Improper Encoding or Escaping of Output vulnerability in Yokogawa products
CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00.
network
low complexity
yokogawa CWE-116
8.1
2022-02-26 CVE-2020-27958 Improper Encoding or Escaping of Output vulnerability in OSU Ohio Supercomputer Center Open Ondemand
The Job Composer app in Ohio Supercomputer Center Open OnDemand before 1.7.19 and 1.8.x before 1.8.18 allows remote authenticated users to provide crafted input in a job template.
network
low complexity
osu CWE-116
4.3
2022-02-16 CVE-2022-25235 Improper Encoding or Escaping of Output vulnerability in multiple products
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
network
low complexity
libexpat-project debian fedoraproject oracle siemens CWE-116
critical
9.8
2022-02-14 CVE-2021-43106 Improper Encoding or Escaping of Output vulnerability in Compassplus products
A Header Injection vulnerability exists in Compass Plus TranzWare Online FIMI Web Interface Tranzware Online (TWO) 5.3.33.3 F38 and FIMI 4.2.19.4 25.The HTTP host header can be manipulated and cause the application to behave in unexpected ways.
network
low complexity
compassplus CWE-116
6.1
2022-02-09 CVE-2022-23620 Improper Encoding or Escaping of Output vulnerability in Xwiki
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.
network
low complexity
xwiki CWE-116
5.4
2022-02-09 CVE-2022-24682 Improper Encoding or Escaping of Output vulnerability in Zimbra Collaboration
An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021.
network
low complexity
zimbra CWE-116
6.1
2022-02-01 CVE-2022-0220 Improper Encoding or Escaping of Output vulnerability in Welaunch Wordpress Gdpr&Ccpa
The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.27, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type.
network
low complexity
welaunch CWE-116
6.1
2022-02-01 CVE-2022-23603 Improper Encoding or Escaping of Output vulnerability in Itunesrpc-Remastered Project Itunesrpc-Remastered
iTunesRPC-Remastered is a discord rich presence application for use with iTunes & Apple Music.
network
low complexity
itunesrpc-remastered-project CWE-116
6.1
2022-01-28 CVE-2022-22992 Improper Encoding or Escaping of Output vulnerability in Westerndigital MY Cloud OS
A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary system commands on the device.
network
low complexity
westerndigital CWE-116
critical
9.8