Vulnerabilities > Improper Encoding or Escaping of Output

DATE CVE VULNERABILITY TITLE RISK
2021-04-02 CVE-2021-28940 Improper Encoding or Escaping of Output vulnerability in Magpierss Project Magpierss 0.72
Because of a incorrect escaped exec command in MagpieRSS in 0.72 in the /extlib/Snoopy.class.inc file, it is possible to add a extra command to the curl binary.
network
low complexity
magpierss-project CWE-116
critical
9.8
2021-02-16 CVE-2020-29023 Improper Encoding or Escaping of Output vulnerability in Secomea products
Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows an authenticated administrator to generate a CSV file that may run arbitrary commands on a victim's computer when opened in a spreadsheet program (like Excel).
network
low complexity
secomea CWE-116
3.5
2021-02-11 CVE-2021-20405 Improper Encoding or Escaping of Output vulnerability in IBM Security Verify Information Queue 1.0.6/1.0.7
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized activities due to improper encoding of output.
network
low complexity
ibm CWE-116
7.5
2021-01-06 CVE-2020-36173 Improper Encoding or Escaping of Output vulnerability in Ninjaforms Ninja Forms
The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields.
network
low complexity
ninjaforms CWE-116
5.3
2020-12-31 CVE-2020-13654 Improper Encoding or Escaping of Output vulnerability in Xwiki
XWiki Platform before 12.8 mishandles escaping in the property displayer.
network
low complexity
xwiki CWE-116
7.5
2020-11-19 CVE-2020-28954 Improper Encoding or Escaping of Output vulnerability in Bigbluebutton
web/controllers/ApiController.groovy in BigBlueButton before 2.2.29 lacks certain parameter sanitization, as demonstrated by accepting control characters in a user name.
network
low complexity
bigbluebutton CWE-116
5.3
2020-10-29 CVE-2020-25646 Improper Encoding or Escaping of Output vulnerability in Ansible Collections Project Community.Crypto
A flaw was found in Ansible Collection community.crypto.
network
low complexity
ansible-collections-project CWE-116
7.5
2020-10-21 CVE-2020-27604 Improper Encoding or Escaping of Output vulnerability in Bigbluebutton
BigBlueButton before 2.3 does not implement LibreOffice sandboxing.
network
low complexity
bigbluebutton CWE-116
6.5
2020-10-16 CVE-2020-9862 Improper Encoding or Escaping of Output vulnerability in Apple products
A command injection issue existed in Web Inspector.
local
low complexity
apple CWE-116
7.8
2020-10-06 CVE-2019-4326 Improper Encoding or Escaping of Output vulnerability in Hcltech Appscan 10.0.0/9.0.3.14
"HCL AppScan Enterprise security rules update administration section of the web application console is missing HTTP Strict-Transport-Security Header."
network
low complexity
hcltech CWE-116
7.5