Vulnerabilities > Improper Encoding or Escaping of Output
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-04-02 | CVE-2021-28940 | Improper Encoding or Escaping of Output vulnerability in Magpierss Project Magpierss 0.72 Because of a incorrect escaped exec command in MagpieRSS in 0.72 in the /extlib/Snoopy.class.inc file, it is possible to add a extra command to the curl binary. | 9.8 |
2021-02-16 | CVE-2020-29023 | Improper Encoding or Escaping of Output vulnerability in Secomea products Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows an authenticated administrator to generate a CSV file that may run arbitrary commands on a victim's computer when opened in a spreadsheet program (like Excel). | 3.5 |
2021-02-11 | CVE-2021-20405 | Improper Encoding or Escaping of Output vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7 IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized activities due to improper encoding of output. | 7.5 |
2021-01-06 | CVE-2020-36173 | Improper Encoding or Escaping of Output vulnerability in Ninjaforms Ninja Forms The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields. | 5.3 |
2020-12-31 | CVE-2020-13654 | Improper Encoding or Escaping of Output vulnerability in Xwiki XWiki Platform before 12.8 mishandles escaping in the property displayer. | 7.5 |
2020-11-19 | CVE-2020-28954 | Improper Encoding or Escaping of Output vulnerability in Bigbluebutton web/controllers/ApiController.groovy in BigBlueButton before 2.2.29 lacks certain parameter sanitization, as demonstrated by accepting control characters in a user name. | 5.3 |
2020-10-29 | CVE-2020-25646 | Improper Encoding or Escaping of Output vulnerability in Ansible Collections Project Community.Crypto A flaw was found in Ansible Collection community.crypto. | 7.5 |
2020-10-21 | CVE-2020-27604 | Improper Encoding or Escaping of Output vulnerability in Bigbluebutton BigBlueButton before 2.3 does not implement LibreOffice sandboxing. | 6.5 |
2020-10-16 | CVE-2020-9862 | Improper Encoding or Escaping of Output vulnerability in Apple products A command injection issue existed in Web Inspector. | 7.8 |
2020-10-06 | CVE-2019-4326 | Improper Encoding or Escaping of Output vulnerability in Hcltech Appscan 10.0.0/9.0.3.14 "HCL AppScan Enterprise security rules update administration section of the web application console is missing HTTP Strict-Transport-Security Header." | 7.5 |