TYPO3 跨站脚本漏洞

TYPO3 is a free and open source content management system framework CMS/CMF from the TYPO3 Typo3 association in Switzerland. TYPO3 suffers from a cross-site scripting vulnerability that stems from a failure to properly encode user input. No detailed vulnerability details are currently available...

nginx 0.8.41 <= 1.5.6 Improper Encoding or Escaping of Output Vulnerability

nginx is prone to a improper encoding or escaping of output vulnerability due to bypass intended restrictions via an unescaped space character in a URI. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

CVE-2021-23205

Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 MR3; 8.30 versions prior to...

CVE-2021-23205

Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 MR3; 8.30 versions prior to...

CVE-2021-23205

Gallagher Command Centre Server is affected by an improper encoding/escaping vulnerability that lets a Command Centre Operator alter the configuration of controllers and other hardware items beyond their privileges. Affected versions include Gallagher Command Centre 8.40 before 8.40.1888 (MR3), 8...

CVE-2021-23205

Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 MR3; 8.30 versions prior to...

Exploit for Improper Encoding or Escaping of Output in F5 Nginx

It is an offensive tool for various areas. The repository contains a collection of vulnerable docker environments, including: CouchDB FFmpeg Git InfluxDB Jenkins Nginx Oracle Java Apache HTTP Server GitLab FastJSON Jenkins Electron The vulnerabilities include: CVE-2016-9086 GitLab CVE-2016-10134...

Red Hat Keycloak Input Validation Error Vulnerability

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. Red Hat Keycloak has an input validation error vulnerability that arises from not properly encoding user-supplied data fields and using...

CVE-2021-20405

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized activities due to improper encoding of output. IBM X-Force ID: 196183...

CVE-2021-20405

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized activities due to improper encoding of output. IBM X-Force ID: 196183...

Design/Logic Flaw

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized activities due to improper encoding of output. IBM X-Force ID: 196183...

CVE-2021-20405

CVE-2021-20405 affects IBM Security Verify Information Queue (ISIQ) versions 1.0.6 and 1.0.7. The root cause is improper encoding of output in web error/message handling, which could allow a user to perform unauthorized activities or disclose information via improperly encoded responses. IBM’s bu...

CVE-2021-20405

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized activities due to improper encoding of output. IBM X-Force ID: 196183...

Security Bulletin: IBM Security Verify Information Queue does not properly encode error messages sent to web users (CVE-2021-20405)

Summary When an error occurs while using the IBM Security Verify Information Queue ISIQ web application, the status messages sent back to the user are not properly encoded. This could lead to information disclosure, which could then be leveraged in a phishing attack. As of v10.0.0, the ISIQ web...

Exploit for Improper Encoding or Escaping of Output in F5 Nginx

It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID is not explicitly mentioned, but the repository contains various vulnerable environments, including ones related to CVE-2016-9086, CVE-2017-1000353, CVE-2013-4547, and CVE-2018-1000006. The target...

RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack

A cross-site scripting XSS flaw was found in RESTEasy, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack...

PT-2020-2139 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.34.1 Description: The issue in MediaWiki is related to the lack of proper output encoding or escaping, which can be exploited by a remote attacker to impact data integrity. Users can add various Cascading Style...

8x8: Stored XSS on Company Logo

The ContactNow application saved the location of the custom company logo without proper encoding considerations...

CVE-2019-19714

Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered...

CVE-2019-19714

Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered...