Vulnerabilities > Improper Encoding or Escaping of Output
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-02 | CVE-2023-47143 | Improper Encoding or Escaping of Output vulnerability in IBM Tivoli Application Dependency Discovery Manager: IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 9.8 |
2024-01-29 | CVE-2024-0987 | Improper Encoding or Escaping of Output vulnerability in Kuerp Project Kuerp 1.0.4: A vulnerability classified as critical has been found in Sichuan Yougou Technology KuERP up to 1.0.4. | 9.8 |
2024-01-24 | CVE-2024-22229 | Improper Encoding or Escaping of Output vulnerability in Dell products: Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker. | 4.3 |
2024-01-16 | CVE-2023-7234 | Improper Encoding or Escaping of Output vulnerability in Integrationobjects OPC UA Server Toolkit: OPCUAServerToolkit will write a log message once an OPC UA client has successfully connected containing the client's self-defined description field. | 5.3 |
2024-01-16 | CVE-2023-6005 | Improper Encoding or Escaping of Output vulnerability in Myeventon Eventon: The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2024-01-16 | CVE-2024-0233 | Improper Encoding or Escaping of Output vulnerability in Myeventon Eventon: The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 does not properly sanitise and escape a parameter before outputting it back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 6.1 |
2023-12-15 | CVE-2023-42183 | Improper Encoding or Escaping of Output vulnerability in Lockss Classic Lockss Daemon 1.75.9/1.76.5: lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post-Unicode normalization, which may allow bypass of intended access restrictions, such as when U+1FEF is converted to a backtick. | 5.3 |
2023-11-24 | CVE-2023-26279 | Improper Encoding or Escaping of Output vulnerability in IBM Qradar Wincollect 10.0/10.0.1/10.1.6: IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local user to perform unauthorized actions due to improper encoding. | 7.8 |
2023-11-17 | CVE-2023-38316 | Improper Encoding or Escaping of Output vulnerability in Opennds Captive Portal: An issue was discovered in OpenNDS Captive Portal before version 10.1.2. | 9.8 |
2023-11-06 | CVE-2023-5968 | Improper Encoding or Escaping of Output vulnerability in Mattermost: Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body. | 4.9 |