Vulnerabilities > Improper Encoding or Escaping of Output
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-14 | CVE-2021-43106 | Improper Encoding or Escaping of Output vulnerability in Compassplus products A Header Injection vulnerability exists in Compass Plus TranzWare Online FIMI Web Interface Tranzware Online (TWO) 5.3.33.3 F38 and FIMI 4.2.19.4 25.The HTTP host header can be manipulated and cause the application to behave in unexpected ways. | 6.1 |
| 2022-02-09 | CVE-2022-23620 | Improper Encoding or Escaping of Output vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 5.4 |
| 2022-02-09 | CVE-2022-24682 | Improper Encoding or Escaping of Output vulnerability in Zimbra Collaboration An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. | 6.1 |
| 2022-02-01 | CVE-2022-0220 | Improper Encoding or Escaping of Output vulnerability in Welaunch Wordpress Gdpr&Ccpa The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.27, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. | 6.1 |
| 2022-02-01 | CVE-2022-23603 | Improper Encoding or Escaping of Output vulnerability in Itunesrpc-Remastered Project Itunesrpc-Remastered iTunesRPC-Remastered is a discord rich presence application for use with iTunes & Apple Music. | 6.1 |
| 2022-01-28 | CVE-2022-22992 | Improper Encoding or Escaping of Output vulnerability in Westerndigital MY Cloud OS A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary system commands on the device. | 9.8 |
| 2022-01-24 | CVE-2021-45226 | Improper Encoding or Escaping of Output vulnerability in Coins-Global Coins Construction Cloud 11.12 An issue was discovered in COINS Construction Cloud 11.12. | 6.5 |
| 2022-01-18 | CVE-2021-29872 | Improper Encoding or Escaping of Output vulnerability in IBM Cloud PAK for Automation IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 5.4 |
| 2022-01-18 | CVE-2022-0124 | Improper Encoding or Escaping of Output vulnerability in Gitlab An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. | 4.3 |
| 2022-01-18 | CVE-2022-0210 | Improper Encoding or Escaping of Output vulnerability in Buffercode Random Banner The Random Banner WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the category parameter found in the ~/include/models/model.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 4.1.4. | 4.8 |