Vulnerabilities > Improper Encoding or Escaping of Output

DATE CVE VULNERABILITY TITLE RISK
2021-11-24 CVE-2021-20844 Improper Encoding or Escaping of Output vulnerability in multiple products
Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page.
network
low complexity
yamaha ntt-west CWE-116
5.7
2021-11-17 CVE-2021-42250 Improper Encoding or Escaping of Output vulnerability in Apache Superset
Improper output neutralization for Logs.
network
low complexity
apache CWE-116
6.5
2021-11-02 CVE-2021-41232 Improper Encoding or Escaping of Output vulnerability in Thunderdome Planning Poker
Thunderdome is an open source agile planning poker tool in the theme of Battling for points.
network
low complexity
thunderdome CWE-116
critical
9.8
2021-10-06 CVE-2021-21684 Improper Encoding or Escaping of Output vulnerability in Jenkins GIT
Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability.
network
low complexity
jenkins CWE-116
6.1
2021-09-14 CVE-2021-33672 Improper Encoding or Escaping of Output vulnerability in SAP Contact Center 700
Due to missing encoding in SAP Contact Center's Communication Desktop component- version 700, an attacker could send malicious script in chat message.
network
low complexity
sap CWE-116
critical
9.6
2021-08-23 CVE-2021-39367 Improper Encoding or Escaping of Output vulnerability in Canon OCE Print Exec Workgroup 1.3.2
Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection.
network
low complexity
canon CWE-116
5.3
2021-08-20 CVE-2021-22254 Improper Encoding or Escaping of Output vulnerability in Gitlab
Under very specific conditions a user could be impersonated using Gitlab shell.
network
low complexity
gitlab CWE-116
4.3
2021-08-16 CVE-2021-38751 Improper Encoding or Escaping of Output vulnerability in Exponentcms
A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php.
network
low complexity
exponentcms CWE-116
4.3
2021-08-13 CVE-2021-32067 Improper Encoding or Escaping of Output vulnerability in Mitel Micollab
The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to view sensitive system information through an HTTP response due to insufficient output sanitization.
network
low complexity
mitel CWE-116
6.5
2021-08-13 CVE-2021-32072 Improper Encoding or Escaping of Output vulnerability in Mitel Micollab
The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to get source code information (disclosing sensitive application data) due to insufficient output sanitization.
network
low complexity
mitel CWE-116
6.5