Vulnerabilities > Improper Encoding or Escaping of Output

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2022-08-24 | CVE-2021-4041 | Improper Encoding or Escaping of Output vulnerability in Redhat Ansible Runner | A flaw was found in ansible-runner. | local | low | redhat | CWE-116 | 7.8 |
| 2022-08-18 | CVE-2020-36599 | Improper Encoding or Escaping of Output vulnerability in Omniauth | lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before 2.0) does not escape the message_key value. | network | low | omniauth | CWE-116 | 9.8 (critical) |
| 2022-08-18 | CVE-2022-35153 | Improper Encoding or Escaping of Output vulnerability in Fusionpbx 5.0.1 | FusionPBX 5.0.1 was discovered to contain a command injection vulnerability via /fax/fax_send.php. | network | low | fusionpbx | CWE-116 | 9.8 (critical) |
| 2022-08-12 | CVE-2022-2619 | Improper Encoding or Escaping of Output vulnerability in multiple products | Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page. | network | low | google, fedoraproject | CWE-116 | 4.3 |
| 2022-08-01 | CVE-2022-2241 | Improper Encoding or Escaping of Output vulnerability in Fifu Featured Image From URL | The Featured Image from URL (FIFU) WordPress plugin before 4.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | network | low | fifu | CWE-116 | 6.1 |
| 2022-07-25 | CVE-2022-36446 | Improper Encoding or Escaping of Output vulnerability in Webmin | software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command. | network | low | webmin | CWE-116 | 9.8 (critical) |
| 2022-07-17 | CVE-2022-2099 | Improper Encoding or Escaping of Output vulnerability in Woocommerce | The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles. | network | low | woocommerce | CWE-116 | 4.8 |
| 2022-07-13 | CVE-2022-20230 | Improper Encoding or Escaping of Output vulnerability in Google Android | In choosePrivateKeyAlias of KeyChain.java, there is a possible access to the user's certificate due to improper input validation. | local | low | google | CWE-116 | 5.5 |
| 2022-06-22 | CVE-2022-32549 | Improper Encoding or Escaping of Output vulnerability in Apache Sling API and Sling Commons LOG | Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. | network | low | apache | CWE-116 | 5.3 |
| 2022-05-19 | CVE-2022-28960 | Improper Encoding or Escaping of Output vulnerability in Spip | A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire. | network | low | spip | CWE-116 | 8.8 |