Vulnerabilities > Improper Encoding or Escaping of Output

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2022-11-21 | CVE-2022-0421 | Improper Encoding or Escaping of Output vulnerability in Fivestarplugins Five Star Restaurant Reservations | The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation when changing whether a payment was successful or failed, allowing unauthenticated users to change the payment status of arbitrary bookings. | network | low complexity | fivestarplugins | CWE-116 | 6.1 |
| 2022-11-16 | CVE-2022-4011 | Improper Encoding or Escaping of Output vulnerability in Simple History Project Simple History | A vulnerability was found in Simple History Plugin. | network | low complexity | simple-history-project | CWE-116 | critical 9.8 |
| 2022-11-14 | CVE-2022-34316 | Improper Encoding or Escaping of Output vulnerability in IBM Cics TX 11.1 | IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers. | network | low complexity | ibm | CWE-116 | 5.3 |
| 2022-11-11 | CVE-2022-3941 | Improper Encoding or Escaping of Output vulnerability in Activity LOG Project Activity LOG | A vulnerability has been found in Activity Log Plugin and classified as critical. | network | low complexity | activity-log-project | CWE-116 | 5.3 |
| 2022-10-24 | CVE-2021-42010 | Improper Encoding or Escaping of Output vulnerability in Apache Heron | Heron versions <= 0.20.4-incubating allows CRLF log injection because of the lack of escaping in the log statements. | network | low complexity | apache | CWE-116 | critical 9.8 |
| 2022-10-03 | CVE-2022-41443 | Improper Encoding or Escaping of Output vulnerability in PHPipam 1.5.0 | phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component /admin/subnets/ripe-query.php. | network | low complexity | phpipam | CWE-116 | critical 9.8 |
| 2022-09-29 | CVE-2021-40694 | Improper Encoding or Escaping of Output vulnerability in Moodle | Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account. | network | low complexity | moodle | CWE-116 | 4.9 |
| 2022-09-23 | CVE-2022-41322 | Improper Encoding or Escaping of Output vulnerability in multiple products | In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. | local | low complexity | kitty-project, fedoraproject | CWE-116 | 7.8 |
| 2022-09-20 | CVE-2022-39956 | Improper Encoding or Escaping of Output vulnerability in multiple products | The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and inspected by the web application firewall engine and the rule set. | network | low complexity | owasp, fedoraproject, debian | CWE-116 | critical 9.8 |
| 2022-09-20 | CVE-2022-39957 | Improper Encoding or Escaping of Output vulnerability in multiple products | The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. | network | low complexity | owasp, fedoraproject, debian | CWE-116 | 7.5 |