Vulnerabilities > Improper Encoding or Escaping of Output

DATE CVE VULNERABILITY TITLE RISK
2022-01-24 CVE-2021-45226 Improper Encoding or Escaping of Output vulnerability in Coins-Global Coins Construction Cloud 11.12
An issue was discovered in COINS Construction Cloud 11.12.
network
low complexity
coins-global CWE-116
6.5
2022-01-18 CVE-2021-29872 Improper Encoding or Escaping of Output vulnerability in IBM Cloud PAK for Automation
IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.
network
low complexity
ibm CWE-116
5.4
2022-01-18 CVE-2022-0124 Improper Encoding or Escaping of Output vulnerability in Gitlab
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1.
network
low complexity
gitlab CWE-116
4.3
2022-01-18 CVE-2022-0210 Improper Encoding or Escaping of Output vulnerability in Buffercode Random Banner
The Random Banner WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the category parameter found in the ~/include/models/model.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 4.1.4.
network
low complexity
buffercode CWE-116
4.8
2021-12-23 CVE-2021-4068 Improper Encoding or Escaping of Output vulnerability in multiple products
Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-116
6.5
2021-12-15 CVE-2021-0933 Improper Encoding or Escaping of Output vulnerability in Google Android
In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.java, there is a possible way for HTML tags to interfere with a consent dialog due to improper input validation.
low complexity
google CWE-116
8.0
2021-12-14 CVE-2021-44042 Improper Encoding or Escaping of Output vulnerability in Uipath Assistant 21.4.4
An issue was discovered in UiPath Assistant 21.4.4.
network
low complexity
uipath CWE-116
critical
9.8
2021-12-14 CVE-2021-38182 Improper Encoding or Escaping of Output vulnerability in Kyma-Project Kyma
Due to insufficient input validation of Kyma, authenticated users can pass a Header of their choice and escalate privileges which can completely compromise the cluster.
network
low complexity
kyma-project CWE-116
8.8
2021-12-13 CVE-2021-40007 Improper Encoding or Escaping of Output vulnerability in Huawei Ecns280 TD Firmware V100R005C10Spc650
There is an information leak vulnerability in eCNS280_TD V100R005C10SPC650.
network
low complexity
huawei CWE-116
6.5
2021-12-09 CVE-2021-43410 Improper Encoding or Escaping of Output vulnerability in Apache Airavata Django Portal
Apache Airavata Django Portal allows CRLF log injection because of lack of escaping log statements.
network
low complexity
apache CWE-116
5.3