238 matches found
Improper Encoding or Escaping of Output
Overview get-jwks is a Fetch utils for JWKS keys Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the getPublicKey process. An attacker can bypass issuer validation and gain unauthorized access by poisoning the JWKS cache with a crafted public key an...
WSO2 Identity Server 安全漏洞
WSO2 Identity Server IS is an identity server from the US-based WSO2 Inc. A security vulnerability exists in WSO2 Identity Server IS that stems from improperly encoded output and could lead to a reflective cross-site scripting attack...
CVE-2025-46703
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice Extension:AtMentions allows Cross-Site Scripting XSS. This issue affects BlueSpice: from 5 through 5.1.1...
CVE-2025-57880
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice Extension:BlueSpiceWhoIsOnline allows Cross-Site Scripting XSS. This issue affects BlueSpice: from 5 through 5.1.1...
CVE-2025-48007
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice Extension:BlueSpiceAvatars allows Cross-Site Scripting XSS. This issue affects BlueSpice: from 5 through 5.1.1...
CVE-2025-48007
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice Extension:BlueSpiceAvatars allows Cross-Site Scripting XSS. This issue affects BlueSpice: from 5 through 5.1.1...
CVE-2025-46703
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice Extension:AtMentions allows Cross-Site Scripting XSS. This issue affects BlueSpice: from 5 through 5.1.1...
CVE-2025-57880
The CVE-2025-57880 entry concerns an XSS vulnerability in Hallo Welt! GmbH BlueSpice, specifically the BlueSpiceWhoIsOnline extension . Affected are BlueSpice versions 5 through 5.1.1 where improper encoding/escaping of output may allow script execution. The root cause is an output encoding flaw ...
CVE-2025-57880 Potential XSS in Extension:BlueSpiceWhoIsOnline
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice Extension:BlueSpiceWhoIsOnline allows Cross-Site Scripting XSS. This issue affects BlueSpice: from 5 through 5.1.1...
CVE-2025-48007
CVE-2025-48007 affects Hallo Welt! GmbH BlueSpice (Extension:BlueSpiceAvatars) with versions 5 through 5.1.1. The issue is an improper encoding or escaping of output that enables Cross-Site Scripting (XSS). The connected sources consistently describe the vulnerability as an XSS in BlueSpice 5–5.1...
CVE-2025-48007 Potential XSS in Extension:BlueSpiceAvatars
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice Extension:BlueSpiceAvatars allows Cross-Site Scripting XSS. This issue affects BlueSpice: from 5 through 5.1.1...
BlueSpice 安全漏洞
BlueSpice is free Wiki software from BlueSpice based on the MediaWiki engine. A security vulnerability exists in BlueSpice versions 5 through 5.1.1, which stems from improper output encoding or escaping and could lead to cross-site scripting attacks...
PT-2025-38532
Name of the Vulnerable Software and Affected Versions BlueSpice versions 5 through 5.1.1 Description An improper encoding or escaping of output issue exists in the AtMentions extension of BlueSpice, which can lead to Cross-Site Scripting XSS. Recommendations Update BlueSpice to a version later th...
PT-2025-37992
Name of the Vulnerable Software and Affected Versions: HumanSuite versions prior to 53.21.0 Description: HumanSuite is susceptible to multiple issues including improper encoding or escaping of output, improper neutralization of special elements in output used by a downstream component injection,...
Improper Encoding or Escaping of Output
Overview org.webjars.npm:element-plus is an A Component Library for Vue 3 Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the href attribute handling in the el-link component. An attacker can execute arbitrary scripts, redirect users to malicious...
CVE-2024-31868
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can modify helium.json and exposure XSS attacks to normal users. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue...
CVE-2023-5770
Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message through the email subject. The vulnerability is caused by inappropriate encoding when rewriting the emai...
CVE-2023-26279
IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local user to perform unauthorized actions due to improper encoding. IBM X-Force ID: 248160...
CVE-2023-35890
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637...
CVE-2023-3190
Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.9...