Vulnerabilities > Improper Encoding or Escaping of Output
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-01 | CVE-2022-2241 | Improper Encoding or Escaping of Output vulnerability in Fifu Featured Image From URL The Featured Image from URL (FIFU) WordPress plugin before 4.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | 6.1 |
2022-07-25 | CVE-2022-36446 | Improper Encoding or Escaping of Output vulnerability in Webmin software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command. | 9.8 |
2022-07-17 | CVE-2022-2099 | Improper Encoding or Escaping of Output vulnerability in Woocommerce The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles | 4.8 |
2022-07-13 | CVE-2022-20230 | Improper Encoding or Escaping of Output vulnerability in Google Android In choosePrivateKeyAlias of KeyChain.java, there is a possible access to the user's certificate due to improper input validation. | 5.5 |
2022-07-12 | CVE-2022-34820 | Improper Encoding or Escaping of Output vulnerability in Siemens products A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 LTE US (All versions < V3.3.46), SIMATIC CP 1243-8 IRC (All versions < V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0 < V2.2.28), SIMATIC CP 1543-1 (All versions < V3.0.22), SIMATIC CP 1543SP-1 (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions < V3.3.46), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions < V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions < V3.3.46). | 8.4 |
2022-06-22 | CVE-2022-32549 | Improper Encoding or Escaping of Output vulnerability in Apache Sling API and Sling Commons LOG Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. | 5.0 |
2022-05-23 | CVE-2022-29599 | Improper Encoding or Escaping of Output vulnerability in multiple products In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks. | 9.8 |
2022-05-19 | CVE-2022-28960 | Improper Encoding or Escaping of Output vulnerability in Spip A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire. | 8.8 |
2022-05-17 | CVE-2022-30966 | Improper Encoding or Escaping of Output vulnerability in Jenkins Random String Parameter 1.0 Jenkins Random String Parameter Plugin 1.0 and earlier does not escape the name and description of Random String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 5.4 |
2022-05-16 | CVE-2021-23266 | Improper Encoding or Escaping of Output vulnerability in Craftercms Crafter CMS An anonymous user can craft a URL with text that ends up in the log viewer as is. | 4.3 |