Lucene search

245 matches found

CVE
added 2025/04/11 4:24 p.m. · 61 views

CVE-2025-32078

CVE-2025-32078 is an XSS flaw in the Wikimedia Foundation MediaWiki Version Compare Extension (versions 1.39–1.43). The issue stems from improper encoding/escaping of output in the extension, enabling Cross-Site Scripting. Affected product: MediaWiki Version Compare Extension; affected versions: ...

CVSS 6.9 · AI score 6.2 · EPSS 0.00329
Exploits: 0 · References: 2
CVE
added 2025/04/11 4:23 p.m. · 69 views

CVE-2025-32072

CVE-2025-32072 is an Improper Encoding or Escaping of Output issue in MediaWiki Core — Feed Utils, allowing WebView injection. Affected versions are MediaWiki Core Feed Utils from 1.39 through 1.43. The Debian LTS advisory DLA-4249 (mediawiki) indicates remediation via a security update fixing CV...

CVSS 6.9 · AI score 6.6 · EPSS 0.00387
Exploits: 0 · References: 3
CNNVD
added 2025/04/11 12:00 a.m. · 2 views

MediaWiki Security Vulnerability

MediaWiki is a suite of free and freely available web-based Wiki engines from the Wikimedia USA Foundation. The product can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki - Feed Utils versions 1.39 through 1.43, which...

CVSS 6.9 · AI score 6.4 · EPSS 0.00387
Exploits: 0 · References: 4
CNNVD
added 2025/04/11 12:00 a.m. · 2 views

MediaWiki Security Vulnerability

MediaWiki is a suite of free and freely available web-based Wiki engines from the Wikimedia USA Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki - Confirm Account Extension versions 1.39 throug...

CVSS 5.4 · AI score 6 · EPSS 0.00185
Exploits: 0 · References: 4
Positive Technologies
added 2025/04/11 12:00 a.m. · 2 views

PT-2025-16136 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: Mediawiki Core - Feed Utils versions 1.39 through 1.43. Description: The issue is related to improper encoding or escaping of output, which allows WebView Injection. This is a problem where output is not properly encoded or escaped, potentiall...

CVSS 8.8 · AI score 6.2 · EPSS 0.00454
Exploits: 0 · References: 33
NVD
added 2025/04/09 8:15 p.m. · 15 views

CVE-2025-30657

An Improper Encoding or Escaping of Output vulnerability in the Sampling Route Record Daemon (SRRD) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When a device configured for flow-monitoring receives a specific BGP update message, i...

CVSS 6.9 · EPSS 0.00326
Exploits: 0 · References: 1
Snyk
added 2025/03/26 8:34 p.m. · 2 views

Improper Encoding or Escaping of Output

Overview: django-tomselect is a Django autocomplete widgets and views using Tom Select. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in form widget input, including the labelfield parameter. An attacker can hide the contents between tags in code from...

CVSS 3.4 · AI score 7.1
Exploits: 0 · References: 3
Veracode
added 2025/03/24 3:44 a.m. · 4 views

Cross-Site Scripting (XSS)

clickstorm/cs-seo is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper encoding of user input in the TYPO3 backend user interface, allowing a logged-in backend user to inject malicious scripts...

AI score 6.4 · EPSS 0.00558
Exploits: 0 · References: 4 · Affected Software: 1
RedhatCVE
added 2025/03/21 6:20 a.m. · 7 views

CVE-2024-50629

Improper encoding or escaping of output vulnerability in the webapi component in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allows remote attackers to read limited files via unspecified vectors...

CVSS 5.3 · AI score 5.6 · EPSS 0.21186
Exploits: 0 · References: 1
Vulnrichment
added 2025/03/19 5:49 a.m. · 6 views

CVE-2024-50629

Improper encoding or escaping of output vulnerability in the webapi component in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allows remote attackers to read limited files via unspecified vectors...

CVSS 5.3 · AI score 5.6 · EPSS 0.21186
Exploits: 0 · References: 2
CNNVD
added 2025/03/19 12:00 a.m. · 4 views

Synology DiskStation Manager (DSM) and Synology BeeStation Manager Security Vulnerability

Synology DiskStation Manager (DSM) and Synology BeeStation Manager are both products of China-based Synology Corporation. Synology DiskStation Manager is an operating system for use on networked storage servers (NAS). The operating system manages information such as data, files, photos, music, etc...

CVSS 9.8 · AI score 8.8 · EPSS 0.01132
Exploits: 1 · References: 3
Veracode
added 2025/03/12 5:43 a.m. · 11 views

Reflected Cross-Site Scripting (Reflected XSS)

laravel/framework is vulnerable to Reflected Cross-Site Scripting (Reflected XSS). The vulnerability is due to improper encoding of route parameters in the debug-mode error page, allowing an attacker to inject and execute malicious scripts in a victim’s browser by tricking them into visiting a...

CVSS 8 · AI score 6.2 · EPSS 0.00509
Exploits: 1 · References: 8 · Affected Software: 1
Veracode
added 2025/03/12 5:40 a.m. · 16 views

Reflected Cross-Site Scripting (Reflected XSS)

laravel/framework is vulnerable to Reflected Cross-Site Scripting (Reflected XSS). The vulnerability is due to improper encoding of request parameters in the debug-mode error page, allowing user input to be reflected without proper sanitization...

CVSS 8 · AI score 6.1 · EPSS 0.00575
Exploits: 1 · References: 8 · Affected Software: 1
OSV
added 2025/03/10 12:30 p.m. · 12 views

GHSA-546H-56QP-8JMW Laravel framework susceptible to reflected cross-site scripting

The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page...

CVSS 4.7 · AI score 7.4 · EPSS 0.00575
Exploits: 1 · References: 8
OSV
added 2025/03/10 12:30 p.m. · 13 views

GHSA-83WP-F5C3-HQQR Laravel framework susceptible to reflected cross-site scripting

The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page...

CVSS 4.7 · AI score 7.4 · EPSS 0.00509
Exploits: 1 · References: 8
Snyk
added 2025/03/10 10:44 a.m. · 2 views

Cross-site Scripting (XSS)

Overview: laravel/framework is a PHP framework for web artisans. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper encoding of route parameters in the debug-mode error page. When the application is in debug mode (APP_DEBUG=true) and encounters an error, the...

CVSS 8 · AI score 5.5 · EPSS 0.00509
Exploits: 1 · References: 2
CVE
added 2025/03/10 10:03 a.m. · 149 views

CVE-2024-13919

The CVE-2024-13919 entry concerns Laravel framework versions 11.9.0 to 11.35.1, which are vulnerable to reflected cross-site scripting due to improper encoding of route parameters on the debug-mode error page. Affected component: Laravel routing/debug-mode error page handling. Root cause (as stat...

CVSS 8 · AI score 6.4 · EPSS 0.00509
Exploits: 1 · References: 4 · Affected Software: 1
Cvelist
added 2025/03/10 10:02 a.m. · 15 views

CVE-2024-13918 Laravel Reflected XSS via Request Parameter in Debug-Mode Error Page

The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page...

CVSS 8 · EPSS 0.00575
Exploits: 1 · References: 3
OpenVAS
added 2025/03/04 12:00 a.m. · 11 views

Python Improper Encoding of Output Vulnerability (Feb 2025) - Mac OS X

Python is prone to an improper encoding of output vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...

CVSS 2.3 · AI score 5.6 · EPSS 0.00566
Exploits: 0 · References: 11
NVD
added 2025/01/21 2:15 p.m. · 15 views

CVE-2024-56277

Improper Encoding or Escaping of Output vulnerability in Ays Pro Poll Maker poll-maker. This issue affects Poll Maker: from n/a through 5.5.5...

CVSS 5.3 · EPSS 0.00261
Exploits: 0 · References: 1