Vulnerabilities > Improper Encoding or Escaping of Output

DATE CVE VULNERABILITY TITLE RISK
2020-09-25 CVE-2020-24592 Improper Encoding or Escaping of Output vulnerability in Mitel Micloud Management Portal 5.3/6.0/6.1
Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to view system information due to insufficient output sanitization.
network
low complexity
mitel CWE-116
5.3
2020-09-09 CVE-2020-6313 Improper Encoding or Escaping of Output vulnerability in SAP Netweaver Application Server Java
SAP NetWeaver Application Server JAVA(XML Forms) versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an authenticated User with special roles to store malicious content, that when accessed by a victim, can perform malicious actions by executing JavaScript, leading to Stored Cross-Site Scripting.
network
low complexity
sap CWE-116
6.5
2020-08-29 CVE-2020-24972 Improper Encoding or Escaping of Output vulnerability in multiple products
The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options.
8.8
2020-08-20 CVE-2020-16281 Improper Encoding or Escaping of Output vulnerability in Rangee Rangeeos 8.0.4
The Kommbox component in Rangee GmbH RangeeOS 8.0.4 could allow a local authenticated attacker to escape from the restricted environment and execute arbitrary code due to unrestricted context menus being accessible.
local
low complexity
rangee CWE-116
7.8
2020-07-27 CVE-2020-7694 Improper Encoding or Escaping of Output vulnerability in Encode Uvicorn
This affects all versions of package uvicorn.
network
low complexity
encode CWE-116
7.5
2020-07-01 CVE-2020-6261 Improper Encoding or Escaping of Output vulnerability in SAP Solution Manager 7.20
SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to perform a log injection into the trace file, due to Incomplete XML Validation.
network
low complexity
sap CWE-116
5.3
2020-06-19 CVE-2017-18892 Improper Encoding or Escaping of Output vulnerability in Mattermost Server
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5.
network
low complexity
mattermost CWE-116
6.1
2020-06-08 CVE-2020-5304 Improper Encoding or Escaping of Output vulnerability in Whitesourcesoftware Whitesource
The dashboard in WhiteSource Application Vulnerability Management (AVM) before version 20.4.1 allows Log Injection via a %0A%0D substring in the idp parameter to the /saml/login URI.
network
low complexity
whitesourcesoftware CWE-116
7.5
2020-06-08 CVE-2020-13625 Improper Encoding or Escaping of Output vulnerability in multiple products
PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character.
7.5
2020-04-14 CVE-2020-6227 Improper Encoding or Escaping of Output vulnerability in SAP Businessobjects Business Intelligence Platform 4.2
SAP Business Objects Business Intelligence Platform (CMS / Auditing issues), version 4.2, allows attacker to send specially crafted GIOP packets to several services due to Improper Input Validation, allowing to forge additional entries in GLF log files.
network
low complexity
sap CWE-116
7.5