Vulnerabilities > Improper Encoding or Escaping of Output
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-24 | CVE-2021-4041 | Improper Encoding or Escaping of Output vulnerability in Redhat Ansible Runner A flaw was found in ansible-runner. | 7.8 |
2022-08-18 | CVE-2020-36599 | Improper Encoding or Escaping of Output vulnerability in Omniauth lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before 2.0) does not escape the message_key value. | 9.8 |
2022-08-18 | CVE-2022-35153 | Improper Encoding or Escaping of Output vulnerability in Fusionpbx 5.0.1 FusionPBX 5.0.1 was discovered to contain a command injection vulnerability via /fax/fax_send.php. | 9.8 |
2022-08-12 | CVE-2022-2619 | Improper Encoding or Escaping of Output vulnerability in multiple products Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page. | 4.3 |
2022-08-01 | CVE-2022-2241 | Improper Encoding or Escaping of Output vulnerability in Fifu Featured Image From URL The Featured Image from URL (FIFU) WordPress plugin before 4.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | 6.1 |
2022-07-25 | CVE-2022-36446 | Improper Encoding or Escaping of Output vulnerability in Webmin software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command. | 9.8 |
2022-07-17 | CVE-2022-2099 | Improper Encoding or Escaping of Output vulnerability in Woocommerce The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles | 4.8 |
2022-07-13 | CVE-2022-20230 | Improper Encoding or Escaping of Output vulnerability in Google Android In choosePrivateKeyAlias of KeyChain.java, there is a possible access to the user's certificate due to improper input validation. | 5.5 |
2022-06-22 | CVE-2022-32549 | Improper Encoding or Escaping of Output vulnerability in Apache Sling API and Sling Commons LOG Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. | 5.3 |
2022-05-19 | CVE-2022-28960 | Improper Encoding or Escaping of Output vulnerability in Spip A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire. | 8.8 |