Cross-site Scripting (XSS)

org.jenkins-ci.plugins:cloudbees-jenkins-advisor is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper output encoding due to failure to escape responses from the Jenkins Health Advisor server, allowing attackers to inject scripts through controlled server responses...

Security Bulletin: Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to an Improper Encoding or Escaping of Output vulnerability (CVE-2025-31651) and an Improper Input Validation vulnerability (CVE-2025-31651).

Summary Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to an Improper Encoding or Escaping of Output vulnerability CVE-2025-31651 and an Improper Input Validation vulnerability CVE-2025-31651. Apache Tomcat has been updated within IBM ApplinX in order to address the vulnerabilities...

The vulnerability of the org.xwiki.platform:xwiki-platform-security-requiredrights-default component of the XWiki Platform, a platform for creating collaborative web applications. This vulnerability allows an attacker to influence the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the org.xwiki.platform:xwiki-platform-security-requiredrights-default component of the XWiki Platform relates to a lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability could allow an attacker to influence the confidentiality, integrity, and...

CVE-2025-23377

Dell PowerProtect Data Manager Reporting, versions 19.17, 19.18 contains an Improper Encoding or Escaping of Output vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to inject arbitrary web script or html in reporting outputs...

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output through the addCustomCSSPreset method in the ApiController.php file. An attacker can execute arbitrary code on the server by modifying the file extension to .php and injecting PHP code into the fi...

Cross-Site Scripting (XSS)

pgadmin4 is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to lack of input/output encoding when rendering query results, which allows an attacker to execute arbitrary HTML or JavaScript in the victim's browser...

GestioIP 3.5.7 - Reflected Cross-Site Scripting (Reflected XSS)

Exploit Title: GestioIP 3.5.7 - Reflected Cross-Site Scripting Reflected XSS Exploit Author: m4xth0r Maximiliano Belino Author website: https://maxibelino.github.io/ Author email max.cybersecurity at belino.com GitHub disclosure link: https://github.com/maxibelino/CVEs/tree/main/CVE-2024-50859...

UBUNTU-CVE-2025-32072

Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki Core - Feed Utils allows WebView Injection.This issue affects Mediawiki Core - Feed Utils: from 1.39 through 1.43...

PT-2025-16142 · Mediawiki · Mediawiki

Name of the Vulnerable Software and Affected Versions: Mediawiki - Version Compare Extension versions 1.39 through 1.43 Description: The issue is related to Improper Encoding or Escaping of Output, which allows Cross-Site Scripting XSS in the Mediawiki - Version Compare Extension. Recommendations...

Juniper Networks Junos OS 安全漏洞

Juniper Networks Junos OS is a Juniper Networks USA network operating system dedicated to the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. A security vulnerability exists in Juniper Networks Junos OS that stems from improper output...

Exploit for Improper Encoding or Escaping of Output in Apache Tomcat

CVE-2025-31651 For a subset of unlikely rewrite rule configura...

BIT-DOLIBARR-2024-23817 Dolibarr Application Home Page HTML injection vulnerability

Dolibarr is an enterprise resource planning ERP and customer relationship management CRM software package. Version 18.0.4 has a HTML Injection vulnerability in the Home page of the Dolibarr Application. This vulnerability allows an attacker to inject arbitrary HTML tags and manipulate the rendere...

CVE-2025-27608

Arduino IDE 2.x is an IDE based on the Theia IDE framework and built with Electron. A Self Cross-Site Scripting XSS vulnerability has been identified within the Arduino-IDE prior to version v2.3.5. The vulnerability occurs in the Additional Board Manager URLs field, which can be found in the...

The vulnerability of the mod_dav_svn function in Apache Subversion software allows a hacker to induce a service failure.

The vulnerability of the moddavsvn function in Apache Subversion relates to a lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability could allow an attacker to cause service failures remotely...

CVE-2024-10441

Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation OS BSM before 1.1-65374 and Synology DiskStation Manager DSM before 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allows remote attackers to execute arbitrary code via unspecified vectors...

CVE-2024-50629

Improper encoding or escaping of output vulnerability in the webapi component in Synology BeeStation OS BSM before 1.1-65374 and Synology DiskStation Manager DSM before 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow remote attackers to read limited files via unspecified vectors...

CVE-2024-50629

Summary: CVE-2024-50629 affects Synology BeeStation OS (BSM) and DiskStation Manager (DSM). The vulnerability is in the webapi component and arises from improper encoding or escaping of output, allowing remote attackers to read limited files via unspecified vectors. Affected products/versions inc...

CVE-2024-10441

Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation OS BSM before 1.1-65374 and Synology DiskStation Manager DSM before 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allows remote attackers to execute arbitrary code via unspecified vectors...

CVE-2024-10441

Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation OS BSM before 1.1-65374 and Synology DiskStation Manager DSM before 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allows remote attackers to execute arbitrary code via unspecified vectors...

HTML Injection

froxlor/froxlor is vulnerable to HTML Injection. The vulnerability is due to lack of proper input sanitization and output encoding, allowing malicious HTML payloads to be injected and executed in the customer account portal...