Vulnerabilities > Improper Encoding or Escaping of Output
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-17 | CVE-2023-38316 | Improper Encoding or Escaping of Output vulnerability in Opennds Captive Portal An issue was discovered in OpenNDS Captive Portal before version 10.1.2. | 9.8 |
| 2023-11-06 | CVE-2023-5968 | Improper Encoding or Escaping of Output vulnerability in Mattermost Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body. | 4.9 |
| 2023-10-25 | CVE-2023-45135 | Improper Encoding or Escaping of Output vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 8.0 |
| 2023-10-22 | CVE-2023-46300 | Improper Encoding or Escaping of Output vulnerability in Iterm2 iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to tmux integration. | 9.8 |
| 2023-10-22 | CVE-2023-46301 | Improper Encoding or Escaping of Output vulnerability in Iterm2 iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to upload. | 9.8 |
| 2023-09-20 | CVE-2023-43620 | Improper Encoding or Escaping of Output vulnerability in Schollz Croc An issue was discovered in Croc through 9.6.5. | 7.8 |
| 2023-09-15 | CVE-2023-41889 | Improper Encoding or Escaping of Output vulnerability in Ss-Proj Shirasagi SHIRASAGI is a Content Management System. | 5.3 |
| 2023-09-12 | CVE-2023-37875 | Improper Encoding or Escaping of Output vulnerability in Wftpserver Wing FTP Server Improper encoding or escaping of output in Wing FTP Server (User Web Client) allows Cross-Site Scripting (XSS).This issue affects Wing FTP Server: <= 7.2.0. | 5.4 |
| 2023-08-30 | CVE-2023-4571 | Improper Encoding or Escaping of Output vulnerability in Splunk IT Service Intelligence In Splunk IT Service Intelligence (ITSI) versions below below 4.13.3, 4.15.3, or 4.17.1, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk ITSI log files that, when a vulnerable terminal application reads them, can run malicious code in the vulnerable application. | 8.6 |
| 2023-07-31 | CVE-2023-3997 | Improper Encoding or Escaping of Output vulnerability in Splunk Soar 6.0.1.123902 Splunk SOAR versions lower than 6.1.0 are indirectly affected by a potential vulnerability accessed through the user’s terminal. | 7.8 |