Vulnerabilities > Improper Encoding or Escaping of Output

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2024-02-02 | CVE-2023-47143 | Improper Encoding or Escaping of Output vulnerability in IBM Tivoli Application Dependency Discovery Manager | IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | network | low complexity | ibm | CWE-116 | critical 9.8 |
| 2024-01-29 | CVE-2024-0987 | Improper Encoding or Escaping of Output vulnerability in Kuerp Project Kuerp 1.0.4 | A vulnerability classified as critical has been found in Sichuan Yougou Technology KuERP up to 1.0.4. | network | low complexity | kuerp-project | CWE-116 | critical 9.8 |
| 2024-01-24 | CVE-2024-22229 | Improper Encoding or Escaping of Output vulnerability in Dell products | Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker. | network | low complexity | dell | CWE-116 | 4.3 |
| 2024-01-16 | CVE-2023-7234 | Improper Encoding or Escaping of Output vulnerability in Integrationobjects OPC UA Server Toolkit | OPCUAServerToolkit will write a log message once an OPC UA client has successfully connected containing the client's self-defined description field. | network | low complexity | integrationobjects | CWE-116 | 5.3 |
| 2024-01-16 | CVE-2023-6005 | Improper Encoding or Escaping of Output vulnerability in Myeventon Eventon | The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | network | low complexity | myeventon | CWE-116 | 4.8 |
| 2024-01-16 | CVE-2024-0233 | Improper Encoding or Escaping of Output vulnerability in Myeventon Eventon | The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not properly sanitise and escape a parameter before outputting it back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | network | low complexity | myeventon | CWE-116 | 6.1 |
| 2023-12-15 | CVE-2023-42183 | Improper Encoding or Escaping of Output vulnerability in Lockss Classic Lockss Daemon 1.75.9/1.76.5 | lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post-Unicode normalization, which may allow bypass of intended access restrictions, such as when U+1FEF is converted to a backtick. | network | low complexity | lockss | CWE-116 | 5.3 |
| 2023-11-24 | CVE-2023-26279 | Improper Encoding or Escaping of Output vulnerability in IBM Qradar Wincollect 10.0/10.0.1/10.1.6 | IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local user to perform unauthorized actions due to improper encoding. | local | low complexity | ibm | CWE-116 | 7.8 |
| 2023-11-17 | CVE-2023-38316 | Improper Encoding or Escaping of Output vulnerability in Opennds Captive Portal | An issue was discovered in OpenNDS Captive Portal before version 10.1.2. | network | low complexity | opennds | CWE-116 | critical 9.8 |
| 2023-11-06 | CVE-2023-5968 | Improper Encoding or Escaping of Output vulnerability in Mattermost | Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body. | network | low complexity | mattermost | CWE-116 | 4.9 |