CVE-2023-5770
Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message through the email subject. The vulnerability is caused by inappropriate encoding when rewriting the emai...
CVE-2023-26279
IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local user to perform unauthorized actions due to improper encoding. IBM X-Force ID: 248160...
CVE-2023-35890
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637...
CVE-2023-3190
Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.9...
CVE-2021-23205
Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 MR3; 8.30 versions prior to...
CVE-2019-19714
Contao 4.8.4 and 4.8.5 have Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered...
Security Bulletin: IBM Integration Bus for z/OS is vulnerable to Incomplete Cleanup and Improper Encoding or Escaping of Output due to Apache Tomcat (CVE-2025-31650 & CVE-2025-31651)
Summary: IBM Integration Bus for z/OS is vulnerable to Incomplete Cleanup and Improper Encoding or Escaping of Output due to Apache Tomcat. Vulnerability Details: CVEID: CVE-2025-31650. DESCRIPTION: Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HT...
CVE-2025-4600 HTTP Request Smuggling in Google Cloud Classic Application Load Balancer due to Improper Chunked Encoding Validation
A request smuggling vulnerability existed in the Google Cloud Classic Application Load Balancer due to improper handling of chunked-encoded HTTP requests. This allowed attackers to craft requests that could be misinterpreted by backend servers. The issue was fixed by disallowing stray data after ...
Improper Encoding or Escaping of Output
Overview: Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output through the addCustomCSSPreset method in the ApiController.php file. An attacker can execute arbitrary code on the server by modifying the file extension to .php and injecting PHP code into the fi...
Improper Encoding or Escaping of Output
Overview: Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output due to the improper handling of TextArea properties with default content types. An attacker can execute arbitrary scripts that impact the confidentiality, integrity, and availability of the XWiki...
CVE-2025-23377
Dell PowerProtect Data Manager Reporting, versions 19.17, 19.18 contains an Improper Encoding or Escaping of Output vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to inject arbitrary web script or HTML in reporting outputs...
CVE-2025-23377
CVE-2025-23377 affects Dell PowerProtect Data Manager Reporting (versions 19.17–19.18). The issue is improper encoding/escaping of output in reporting outputs, enabling a high-privileged local attacker to inject arbitrary web script or HTML into reports. The connected PT-Security advisory notes t...
PT-2025-18080 · Dell · Dell Powerprotect Data Manager Reporting
Name of the Vulnerable Software and Affected Versions: Dell PowerProtect Data Manager Reporting versions 19.17 through 19.18. Description: The issue is related to improper encoding or escaping of output, which could be exploited by an attacker with high privileges and local access to inject...
CVE-2025-30657
An Improper Encoding or Escaping of Output vulnerability in the Sampling Route Record Daemon (SRRD) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When a device configured for flow-monitoring receives a specific BGP update message, i...
CVE-2025-32078
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - Version Compare Extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki - Version Compare Extension: from 1.39 through 1.43...
DEBIAN-CVE-2025-32072
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki Core - Feed Utils allows WebView Injection. This issue affects Mediawiki Core - Feed Utils: from 1.39 through 1.43...
Improper Encoding or Escaping of Output
Overview: wikibase/wikibase is a structured data repository for MediaWiki. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the ImageHandler::getDimensionsString method. An attacker can manipulate the output of the script by injecting malicious code in...
Improper Encoding or Escaping of Output
Overview: mediawiki/core is a free software wiki application developed by the Wikimedia Foundation and others. Note: This package is not maintained on Packagist anymore, but newer releases exist. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the fee...
CVE-2025-32078 XSSes and potential RCE in Special:VersionCompare
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - Version Compare Extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki - Version Compare Extension: from 1.39 through 1.43...