Vulnerabilities > Improper Encoding or Escaping of Output

| Date | CVE | Vulnerability title | Description | Tags | Risk |
|---|---|---|---|---|---|
| 2022-05-17 | CVE-2022-30966 | Improper Encoding or Escaping of Output vulnerability in Jenkins Random String Parameter 1.0 | Jenkins Random String Parameter Plugin 1.0 and earlier does not escape the name and description of Random String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | network, low complexity, jenkins, CWE-116 | 5.4 |
| 2022-05-16 | CVE-2021-23266 | Improper Encoding or Escaping of Output vulnerability in Craftercms Crafter CMS | An anonymous user can craft a URL with text that ends up in the log viewer as is. | network, low complexity, craftercms, CWE-116 | 4.3 |
| 2022-05-16 | CVE-2022-30781 | Improper Encoding or Escaping of Output vulnerability in Gitea | Gitea before 1.16.7 does not escape git fetch remote. | network, low complexity, gitea, CWE-116 | 7.5 |
| 2022-05-06 | CVE-2021-39027 | Improper Encoding or Escaping of Output vulnerability in IBM Guardium Data Encryption 4.0.0.0/5.0.0.0 | IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. | network, low complexity, ibm, CWE-116 | 5.0 |
| 2022-05-03 | CVE-2021-29854 | Improper Encoding or Escaping of Output vulnerability in IBM Maximo Application Suite and Maximo Asset Management | IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | network, low complexity, ibm, CWE-116 | 7.2 |
| 2022-04-07 | CVE-2022-0935 | Improper Encoding or Escaping of Output vulnerability in Livehelperchat Live Helper Chat | Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97. | network, low complexity, livehelperchat, CWE-116 | 8.8 |
| 2022-04-01 | CVE-2022-0741 | Improper Encoding or Escaping of Output vulnerability in Gitlab | Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses. | network, low complexity, gitlab, CWE-116 | 7.5 |
| 2022-03-28 | CVE-2022-0450 | Improper Encoding or Escaping of Output vulnerability in Freshlightlab Menu Image, Icons Made Easy | The Menu Image, Icons made easy WordPress plugin before 3.0.6 does not have authorisation and CSRF checks when saving menu settings, and does not validate, sanitise and escape them. | network, low complexity, freshlightlab, CWE-116 | 5.4 |
| 2022-03-21 | CVE-2022-26174 | Improper Encoding or Escaping of Output vulnerability in Beekeeperstudio Beekeeper-Studio | A remote code execution (RCE) vulnerability in Beekeeper Studio v3.2.0 allows attackers to execute arbitrary code via a crafted payload injected into the display fields. | network, low complexity, beekeeperstudio, CWE-116 | 9.8 (critical) |
| 2022-03-15 | CVE-2021-45848 | Improper Encoding or Escaping of Output vulnerability in multiple products | Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character. | network, low complexity, nicotine-plus, fedoraproject, CWE-116 | 7.5 |