238 matches found
PT-2023-25222 · Teampass · Teampass
Name of the Vulnerable Software and Affected Versions: TeamPass versions prior to 3.0.10. Description: The issue is related to improper encoding or escaping of output, which can lead to cross-site scripting filter bypass in folder names, potentially resulting in information disclosure...
CVE-2023-35890
CVE-2023-35890 affects IBM WebSphere Application Server 8.5 and 9.0. The issue is weaker-than-expected security caused by improper encoding in a local configuration file. IBM advisories link to fixes/upgrades; remediation varies by product: ITNCM (IBM Tivoli Netcool Configuration Manager) 6.4.2: ...
IBM WebSphere Application Server 8.5.5.23 < 8.5.5.24 / 9.0.5.15 < 9.0.5.17 (7007857)
The IBM WebSphere Application Server running on the remote host is affected by an improper encoding flaw. IBM WebSphere Application Server 8.5 and 9.0 traditional could provide weaker than expected security, caused by the improper encoding in a local configuration file. Note that Nessus has not...
CVE-2023-3190
Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.9...
CVE-2023-3190 Improper Encoding or Escaping of Output in nilsteampassnet/teampass
Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.9...
PT-2023-23506 · Teampass · Teampass
Name of the Vulnerable Software and Affected Versions: teampass versions prior to 3.0.9. Description: The issue is related to improper encoding or escaping of output in the GitHub repository nilsteampassnet/teampass. This may have led to stored cross-site scripting (XSS) vectors in the application d...
PT-2023-8824 · Unem +1 · Unem +1
Name of the Vulnerable Software and Affected Versions: FOXMAN-UN versions R9C through R16A; UNEM versions R9C through R16A. Description: A vulnerability exists in the FOXMAN-UN and UNEM logging component, affecting systems that use remote authentication to the network elements. If exploited, an...
Improper Encoding or Escaping of Output
Overview: std/html/template is a Go standard library package. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output. Go Vulnerability Report: Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing...
Improper Encoding
Flatpak is vulnerable to Improper Encoding. Improper encoding allows a malicious attacker to craft a Flatpak app with elevated permissions and hide them from its users...
Moodle Improper Encoding or Escaping of Output
Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account...
Improper Encoding or Escaping of Output in Apache Superset
Improper output neutralization for Logs. A specific Apache Superset HTTP endpoint allowed for an authenticated user to forge log entries or inject malicious content into logs...
GHSA-5FP8-C45M-256P Improper Encoding or Escaping of Output in Apache Superset
Improper output neutralization for Logs. A specific Apache Superset HTTP endpoint allowed for an authenticated user to forge log entries or inject malicious content into logs...
CVE-2021-23283
Eaton Intelligent Power Protector IPP prior to version 1.69 is vulnerable to stored Cross Site Scripting. The vulnerability exists due to insufficient validation of user input and improper encoding of the output for certain resources within the IPP software...
Cross site scripting
Eaton Intelligent Power Protector IPP prior to version 1.69 is vulnerable to stored Cross Site Scripting. The vulnerability exists due to insufficient validation of user input and improper encoding of the output for certain resources within the IPP software...
Improper Output Neutralization and Improper Encoding or Escaping of Output for Logs in ansible
An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri...
GHSA-785X-QW4V-6872 Improper Output Neutralization and Improper Encoding or Escaping of Output for Logs in ansible
An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri...
Ubuntu 18.04 LTS / 20.04 LTS : Django vulnerabilities (USN-5269-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5269-1 advisory. Keryn Knight discovered that Django incorrectly handled certain template tags. A remote attacker could possibly use this issue to perform a...
Django Cross-Site Scripting Vulnerability
Django is an open source web application framework from the Django Foundation, based on the Python language. The framework includes an object-oriented mapper, view system, template system, etc. A cross-site scripting vulnerability exists in Django, which stems from the product's {% debug %}...
Cross-site Scripting (XSS)
snipe-it is vulnerable to cross-site scripting attacks. The vulnerability exists because the custom field values in the API response in the transformAsset function of AssetsTransformer.php are not properly encoded, which allows an attacker to inject and execute arbitrary JavaScript...
Cross-Site Scripting (XSS)
getgrav/grav is vulnerable to cross-site scripting. This is due to improper encoding of the tags, which allows an attacker to insert and execute malicious JavaScript...