238 matches found

Prion
added 2019/12/17 3:15 p.m., 8 views

Design/Logic Flaw

Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered...

CVSS: 5, AI score: 5.2, EPSS: 0.0021
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2019/12/17 2:4 p.m., 54 views

CVE-2019-19714

Contao CVE-2019-19714 affects Contao CMS 4.8.4 and 4.8.5, where improper encoding/escaping in the login module allows injection of insert tags that are replaced during page rendering. This is due to insufficient output encoding in the login module, with the advised remediation to upgrade to Conta...

CVSS: 5.3, AI score: 5.1, EPSS: 0.0021
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2019/10/16 3:15 p.m., 9 views

CVE-2019-16522

The eu-cookie-law plugin through 3.0.6 for WordPress aka EU Cookie Law GDPR is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the displayed cookie consent message. This affects Font Color, Background Color, and the Disable Cookie text. An...

CVSS: 4.8, AI score: 4.9, EPSS: 0.00355
Exploits: 1, References: 3

OSV
added 2019/10/16 2:15 p.m., 13 views

CVE-2019-16520

The all-in-one-seo-pack plugin before 3.2.7 for WordPress aka All in One SEO Pack is susceptible to Stored XSS due to improper encoding of the SEO-specific description for posts provided by the plugin via unsafe placeholder replacement...

CVSS: 5.4, AI score: 6.1
Exploits: 0, References: 6

NVD
added 2019/10/16 2:15 p.m., 6 views

CVE-2019-16520

The all-in-one-seo-pack plugin before 3.2.7 for WordPress aka All in One SEO Pack is susceptible to Stored XSS due to improper encoding of the SEO-specific description for posts provided by the plugin via unsafe placeholder replacement...

CVSS: 5.4, AI score: 5.3, EPSS: 0.01136
Exploits: 1, References: 6

Cvelist
added 2019/10/16 2:10 p.m., 11 views

CVE-2019-16522

The eu-cookie-law plugin through 3.0.6 for WordPress aka EU Cookie Law GDPR is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the displayed cookie consent message. This affects Font Color, Background Color, and the Disable Cookie text. An...

AI score: 4.9, EPSS: 0.00355
Exploits: 1, References: 3

CVE
added 2019/10/16 2:5 p.m., 77 views

CVE-2019-16521

The CVE-2019-16521 entry concerns the WordPress Broken Link Checker plugin (

CVSS: 6.1, AI score: 6, EPSS: 0.00266
Exploits: 1, References: 4, Affected Software: 1

NVD
added 2019/09/26 4:15 p.m., 8 views

CVE-2019-16524

The easy-fancybox plugin before 1.8.18 for WordPress aka Easy FancyBox is susceptible to Stored XSS in the Settings Menu inc/class-easyfancybox.php due to improper encoding of arbitrarily submitted settings parameters. This occurs because there is no inline styles output filter...

CVSS: 4.8, AI score: 4.9, EPSS: 0.0026
Exploits: 1, References: 3

OSV
added 2019/09/26 4:15 p.m., 1 views

CVE-2019-16524

The easy-fancybox plugin before 1.8.18 for WordPress aka Easy FancyBox is susceptible to Stored XSS in the Settings Menu inc/class-easyfancybox.php due to improper encoding of arbitrarily submitted settings parameters. This occurs because there is no inline styles output filter...

CVSS: 4.8, AI score: 5.8, EPSS: 0.0026
Exploits: 1, References: 3

NVD
added 2019/09/09 7:15 p.m., 14 views

CVE-2019-11547

An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has Improper Encoding or Escaping of Output. The branch name on new merge request notification emails isn't escaped, which could potentially lead to XSS issues...

CVSS: 6.1, AI score: 5.8, EPSS: 0.00159
Exploits: 1, References: 2

Cvelist
added 2019/09/09 6:49 p.m., 18 views

CVE-2019-11547

An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has Improper Encoding or Escaping of Output. The branch name on new merge request notification emails isn't escaped, which could potentially lead to XSS issues...

AI score: 5.9, EPSS: 0.00159
Exploits: 1, References: 2

OSV
added 2019/07/10 8:15 p.m., 0 views

CVE-2019-0329

SAP Information Steward, version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

CVSS: 6.1, AI score: 6.3
Exploits: 0, References: 3

OpenVAS
added 2016/01/19 12:0 a.m., 25 views

TYPO3 Multiple Cross-Site Scripting Vulnerabilities (Jan 2016)

TYPO3 is prone to multiple cross-site scripting vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3";...

CVSS: 6.1, AI score: 5.5, EPSS: 0.00296
Exploits: 0, References: 8

OSV
added 2014/07/17 5:10 a.m., 7 views

CVE-2013-5855

Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a 1 tag or 2 EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting XSS attacks via application-specific vectors...

AI score: 5.4
Exploits: 0, References: 12

Snyk
added 2012/11/27 3:35 p.m., 2 views

Improper Handling of Alternate Encoding

Overview Affected versions of this package are vulnerable to Improper Handling of Alternate Encoding via boost::locale::utf::utftraits in the /boost/locale/utf.hpp, which does not properly detect certain invalid UTF-8 sequences. A remote attacker can bypass input validation protection mechanisms...

CVSS: 6.9, AI score: 7.1, EPSS: 0.00918
Exploits: 0, References: 2

Tenable Nessus
added 2012/02/14 12:0 a.m., 33 views

RHEL 4 : glibc (RHSA-2012:0125)

The remote Redhat Enterprise Linux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0125 advisory. - glibc: tzfileread integer overflow to buffer overflow CVE-2009-5029 - glibc: ldd unexpected code execution issue CVE-2009-5064 - glibc:...

CVSS: 7.2, AI score: 8, EPSS: 0.06775
Exploits: 6, References: 21

Tenable Nessus
added 2004/08/18 12:0 a.m., 30 views

SeaMonkey < 1.1.10 Multiple Vulnerabilities

Binary data 4568.prm...

CVSS: 10, AI score: 7.3, EPSS: 0.24183
Exploits: 2, References: 28

Friends Of PHP
added 1970/01/01 12:0 a.m., 22 views

PHPMemcachedAdmin vulnerable to cross-site scripting (XSS) via improper encoding

More info at https://nvd.nist.gov/vuln/detail/CVE-2023-6027...

CVSS: 6.1, AI score: 7.2, EPSS: 0.00178
Exploits: 0, Affected Software: 1