Vulnerabilities > Improper Encoding or Escaping of Output
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-11-19 | CVE-2020-28954 | Improper Encoding or Escaping of Output vulnerability in Bigbluebutton | web/controllers/ApiController.groovy in BigBlueButton before 2.2.29 lacks certain parameter sanitization, as demonstrated by accepting control characters in a user name. | 5.3 |
2020-11-18 | CVE-2020-26226 | Improper Encoding or Escaping of Output vulnerability in Semantic-Release Project Semantic-Release | In the npm package semantic-release before version 17.2.3, secrets that would normally be masked by `semantic-release` can be accidentally disclosed if they contain characters that become encoded when included in a URL. | 8.1 |
2020-10-29 | CVE-2020-25646 | Improper Encoding or Escaping of Output vulnerability in Ansible Collections Project Community.Crypto | A flaw was found in Ansible Collection community.crypto. | 7.5 |
2020-10-21 | CVE-2020-27604 | Improper Encoding or Escaping of Output vulnerability in Bigbluebutton | BigBlueButton before 2.3 does not implement LibreOffice sandboxing. | 6.5 |
2020-10-16 | CVE-2020-9862 | Improper Encoding or Escaping of Output vulnerability in Apple products | A command injection issue existed in Web Inspector. | 7.8 |
2020-10-06 | CVE-2019-4326 | Improper Encoding or Escaping of Output vulnerability in Hcltech Appscan 10.0.0/9.0.3.14 | "HCL AppScan Enterprise security rules update administration section of the web application console is missing HTTP Strict-Transport-Security Header." | 7.5 |
2020-09-25 | CVE-2020-24592 | Improper Encoding or Escaping of Output vulnerability in Mitel Micloud Management Portal 5.3/6.0/6.1 | Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to view system information due to insufficient output sanitization. | 5.3 |
2020-09-09 | CVE-2020-6313 | Improper Encoding or Escaping of Output vulnerability in SAP Netweaver Application Server Java | SAP NetWeaver Application Server JAVA(XML Forms) versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an authenticated User with special roles to store malicious content, that when accessed by a victim, can perform malicious actions by executing JavaScript, leading to Stored Cross-Site Scripting. | 6.5 |
2020-08-29 | CVE-2020-24972 | Improper Encoding or Escaping of Output vulnerability in multiple products | The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. | 8.8 |
2020-08-20 | CVE-2020-16281 | Improper Encoding or Escaping of Output vulnerability in Rangee Rangeeos 8.0.4 | The Kommbox component in Rangee GmbH RangeeOS 8.0.4 could allow a local authenticated attacker to escape from the restricted environment and execute arbitrary code due to unrestricted context menus being accessible. | 7.8 |