Vulnerabilities > Improper Encoding or Escaping of Output
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-18 | CVE-2022-0124 | Improper Encoding or Escaping of Output vulnerability in Gitlab An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. | 4.3 |
| 2022-01-18 | CVE-2022-0210 | Improper Encoding or Escaping of Output vulnerability in Buffercode Random Banner The Random Banner WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the category parameter found in the ~/include/models/model.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 4.1.4. | 4.8 |
| 2021-12-23 | CVE-2021-4068 | Improper Encoding or Escaping of Output vulnerability in multiple products Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
| 2021-12-15 | CVE-2021-0933 | Improper Encoding or Escaping of Output vulnerability in Google Android In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.java, there is a possible way for HTML tags to interfere with a consent dialog due to improper input validation. | 8.0 |
| 2021-12-14 | CVE-2021-44042 | Improper Encoding or Escaping of Output vulnerability in Uipath Assistant 21.4.4 An issue was discovered in UiPath Assistant 21.4.4. | 7.5 |
| 2021-12-14 | CVE-2021-38182 | Improper Encoding or Escaping of Output vulnerability in Kyma-Project Kyma Due to insufficient input validation of Kyma, authenticated users can pass a Header of their choice and escalate privileges which can completely compromise the cluster. | 6.5 |
| 2021-12-13 | CVE-2021-40007 | Improper Encoding or Escaping of Output vulnerability in Huawei Ecns280 TD Firmware V100R005C10Spc650 There is an information leak vulnerability in eCNS280_TD V100R005C10SPC650. | 4.0 |
| 2021-12-09 | CVE-2021-43410 | Improper Encoding or Escaping of Output vulnerability in Apache Airavata Django Portal Apache Airavata Django Portal allows CRLF log injection because of lack of escaping log statements. | 5.0 |
| 2021-11-24 | CVE-2021-20844 | Improper Encoding or Escaping of Output vulnerability in multiple products Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page. | 3.5 |
| 2021-11-17 | CVE-2021-42250 | Improper Encoding or Escaping of Output vulnerability in Apache Superset Improper output neutralization for Logs. | 4.0 |