238 matches found
CVE-2021-23205
Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 MR3; 8.30 versions prior to...
CVE-2019-19714
Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered...
Security Bulletin: IBM Integration Bus for z/OS is vulnerable to Incomplete Cleanup and Improper Encoding or Escaping of Output due to Apache Tomcat (CVE-2025-31650 & CVE-2025-31651)
Summary IBM Integration Bus for z/OS is vulnerable to Incomplete Cleanup and Improper Encoding or Escaping of Output due to Apache Tomcat. Vulnerability Details CVEID:CVE-2025-31650 DESCRIPTION: Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HT...
CVE-2025-4600 HTTP Request Smuggling in Google Cloud Classic Application Load Balancer due to Improper Chunked Encoding Validation
A request smuggling vulnerability existed in the Google Cloud Classic Application Load Balancer due to improper handling of chunked-encoded HTTP requests. This allowed attackers to craft requests that could be misinterpreted by backend servers. The issue was fixed by disallowing stray data after ...
Improper Encoding or Escaping of Output
Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output through the addCustomCSSPreset method in the ApiController.php file. An attacker can execute arbitrary code on the server by modifying the file extension to .php and injecting PHP code into the fi...
Improper Encoding or Escaping of Output
Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output due to the improper handling of TextArea properties with default content types. An attacker can execute arbitrary scripts that impact the confidentiality, integrity, and availability of the XWiki...
CVE-2025-23377
Dell PowerProtect Data Manager Reporting, versions 19.17, 19.18 contains an Improper Encoding or Escaping of Output vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to inject arbitrary web script or html in reporting outputs...
CVE-2025-23377
Dell PowerProtect Data Manager Reporting, versions 19.17, 19.18 contains an Improper Encoding or Escaping of Output vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to inject arbitrary web script or html in reporting outputs...
CVE-2025-23377
CVE-2025-23377 affects Dell PowerProtect Data Manager Reporting (versions 19.17–19.18). The issue is improper encoding/escaping of output in reporting outputs, enabling a high-privileged local attacker to inject arbitrary web script or HTML into reports. The connected PT-Security advisory notes t...
PT-2025-18080 · Dell · Dell Powerprotect Data Manager Reporting
Name of the Vulnerable Software and Affected Versions: Dell PowerProtect Data Manager Reporting versions 19.17 through 19.18 Description: The issue is related to improper encoding or escaping of output, which could be exploited by an attacker with high privileges and local access to inject...
CVE-2025-30657
An Improper Encoding or Escaping of Output vulnerability in the Sampling Route Record Daemon SRRD of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS. When a device configured for flow-monitoring receives a specific BGP update message, i...
CVE-2025-32078
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - Version Compare Extension allows Cross-Site Scripting XSS.This issue affects Mediawiki - Version Compare Extension: from 1.39 through 1.43...
DEBIAN-CVE-2025-32072
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki Core - Feed Utils allows WebView Injection.This issue affects Mediawiki Core - Feed Utils: from 1.39 through 1.43...
Improper Encoding or Escaping of Output
Overview wikibase/wikibase is a Structured data repository for MediaWiki Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the ImageHandler::getDimensionsString method. An attacker can manipulate the output of the script by injecting malicious code in...
Improper Encoding or Escaping of Output
Overview mediawiki/core is a Free software wiki application developed by the Wikimedia Foundation and others. Note: This package is not maintained on Packagist anymore, but newer releases exist. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the fee...
CVE-2025-32078
CVE-2025-32078 is an XSS flaw in the Wikimedia Foundation MediaWiki Version Compare Extension (versions 1.39–1.43). The issue stems from improper encoding/escaping of output in the extension, enabling Cross-Site Scripting. Affected product: MediaWiki Version Compare Extension; affected versions: ...
CVE-2025-32078 XSSes and potential RCE in Special:VersionCompare
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - Version Compare Extension allows Cross-Site Scripting XSS.This issue affects Mediawiki - Version Compare Extension: from 1.39 through 1.43...
CVE-2025-32072
CVE-2025-32072 is an Improper Encoding or Escaping of Output issue in MediaWiki Core — Feed Utils, allowing WebView injection. Affected versions are MediaWiki Core Feed Utils from 1.39 through 1.43. The Debian LTS advisory DLA-4249 (mediawiki) indicates remediation via a security update fixing CV...
MediaWiki 安全漏洞
MediaWiki is a suite of free and freely available web-based Wiki engines from the Wikimedia USA Foundation. The product can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki - Feed Utils versions 1.39 through 1.43, which...
PT-2025-16136 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: Mediawiki Core - Feed Utils versions 1.39 through 1.43 Description: The issue is related to improper encoding or escaping of output, which allows WebView Injection. This is a problem where output is not properly encoded or escaped, potentiall...