Vulnerabilities > Improper Encoding or Escaping of Output
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-09-25 | CVE-2020-24592 | Improper Encoding or Escaping of Output vulnerability in Mitel Micloud Management Portal 5.3/6.0/6.1: Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to view system information due to insufficient output sanitization. | 5.3 |
2020-09-09 | CVE-2020-6313 | Improper Encoding or Escaping of Output vulnerability in SAP Netweaver Application Server Java: SAP NetWeaver Application Server JAVA (XML Forms) versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, which allows an authenticated user with special roles to store malicious content that, when accessed by a victim, can perform malicious actions by executing JavaScript, leading to Stored Cross-Site Scripting. | 6.5 |
2020-08-29 | CVE-2020-24972 | Improper Encoding or Escaping of Output vulnerability in multiple products: The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. | 8.8 |
2020-08-20 | CVE-2020-16281 | Improper Encoding or Escaping of Output vulnerability in Rangee Rangeeos 8.0.4: The Kommbox component in Rangee GmbH RangeeOS 8.0.4 could allow a local authenticated attacker to escape from the restricted environment and execute arbitrary code due to unrestricted context menus being accessible. | 7.8 |
2020-07-27 | CVE-2020-7694 | Improper Encoding or Escaping of Output vulnerability in Encode Uvicorn: This affects all versions of package uvicorn. | 7.5 |
2020-07-01 | CVE-2020-6261 | Improper Encoding or Escaping of Output vulnerability in SAP Solution Manager 7.20: SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to perform a log injection into the trace file, due to Incomplete XML Validation. | 5.3 |
2020-06-19 | CVE-2017-18892 | Improper Encoding or Escaping of Output vulnerability in Mattermost Server: An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. | 6.1 |
2020-06-08 | CVE-2020-5304 | Improper Encoding or Escaping of Output vulnerability in Whitesourcesoftware Whitesource: The dashboard in WhiteSource Application Vulnerability Management (AVM) before version 20.4.1 allows Log Injection via a %0A%0D substring in the idp parameter to the /saml/login URI. | 7.5 |
2020-06-08 | CVE-2020-13625 | Improper Encoding or Escaping of Output vulnerability in multiple products: PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. | 7.5 |
2020-04-14 | CVE-2020-6227 | Improper Encoding or Escaping of Output vulnerability in SAP Businessobjects Business Intelligence Platform 4.2: SAP Business Objects Business Intelligence Platform (CMS / Auditing issues), version 4.2, allows an attacker to send specially crafted GIOP packets to several services due to Improper Input Validation, allowing the attacker to forge additional entries in GLF log files. | 7.5 |