CVE-2024-50629

Summary: CVE-2024-50629 affects Synology BeeStation OS (BSM) and DiskStation Manager (DSM). The vulnerability is in the webapi component and arises from improper encoding or escaping of output, allowing remote attackers to read limited files via unspecified vectors. Affected products/versions inc...

CVE-2024-10441

Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation OS BSM before 1.1-65374 and Synology DiskStation Manager DSM before 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allows remote attackers to execute arbitrary code via unspecified vectors...

CVE-2024-10441

Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation OS BSM before 1.1-65374 and Synology DiskStation Manager DSM before 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allows remote attackers to execute arbitrary code via unspecified vectors...

HTML Injection

froxlor/froxlor is vulnerable to HTML Injection. The vulnerability is due to lack of proper input sanitization and output encoding, allowing malicious HTML payloads to be injected and executed in the customer account portal...

Python Improper Encoding of Output Vulnerability (Feb 2025) - Linux

Python is prone to an improper encoding of output vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...

Stored Cross-site Scripting (XSS)

leantime/leantime is vulnerable to Stored Cross-site Scripting XSS. The vulnerability is due to improper input sanitization and output encoding, allowing attackers to inject malicious scripts that get stored and executed when retrieved by users...

Cross-Site Scripting (Reflected XSS)

Leantime is vulnerable to cross-site scripting XSS. The vulnerability is due to improper input validation and output encoding in the "overdue" section, allowing attackers to upload malicious image files containing XSS payloads...

The vulnerability of the ANSI Escape Sequence Handler component in the distributed Git version control system allows a hacker to disclose protected information.

The vulnerability of the ANSI Escape Sequence Handler component in the distributed Git version control system is related to a lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability allows an attacker to gain access to confidential data...

CVE-2024-56277

Improper Encoding or Escaping of Output vulnerability in Poll Maker Team Poll Maker. This issue affects Poll Maker: from n/a through n/a...

CVE-2024-56277 WordPress Poll Maker Plugin < 5.5.5 - HTML Injection vulnerability

Improper Encoding or Escaping of Output vulnerability in Ays Pro Poll Maker poll-maker.This issue affects Poll Maker: from n/a through 5.5.5...

PT-2025-3240 · Unknown · Poll Maker

Name of the Vulnerable Software and Affected Versions: Poll Maker affected versions not specified Description: The issue is related to improper encoding or escaping of output in Poll Maker Team Poll Maker. This can potentially lead to security issues, but specific details about exploitation, such...

Cross-site Scripting (XSS)

Overview org.jboss.hal:hal-core is a Core HAL API. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper neutralization of user-controllable input before it is placed in output that is served as a web page. An attacker can execute arbitrary script in the...

BIT-GITLAB-2024-8179 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Improper output encoding could lead to XSS if CSP is not enabled...

CVE-2024-8179

An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Improper output encoding could lead to XSS if CSP is not enabled...

UBUNTU-CVE-2024-8179

An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Improper output encoding could lead to XSS if CSP is not enabled...

CVE-2024-8179

CVE-2024-8179 affects GitLab CE/EE, specifically versions 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. The issue is caused by improper output encoding that can lead to cross-site scripting (XSS) if CSP is not enabled. The vulnerability is scoped to the web page generation path ...

CVE-2024-8179

Removed by vendor...

CVE-2024-8179 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Improper output encoding could lead to XSS if CSP is not enabled...

GitLab 跨站脚本漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A cross-site scripting vulnerability exists in GitLab, which stems from...

LimeSurvey < 6.5.0 XSS Vulnerability

LimeSurvey is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...