CVE-2024-37284
Improper handling of alternate encoding occurs when Elastic Defend on Windows systems attempts to scan a file or process encoded as a multibyte character. This leads to an uncaught exception causing Elastic Defend to crash which in turn will prevent it from quarantining the file and/or killing th...
CVE-2024-37284 Elastic Defend Improper Handling of Alternate Encoding Leads to Crash
Improper handling of alternate encoding occurs when Elastic Defend on Windows systems attempts to scan a file or process encoded as a multibyte character. This leads to an uncaught exception causing Elastic Defend to crash which in turn will prevent it from quarantining the file and/or killing th...
Improper Encoding or Escaping of Output
Overview: koji is a system for building and tracking RPMs. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output due to improper user input sanitization. Remediation: Upgrade koji to version 1.33.2, 1.34.3, 1.35.1 or higher. References: Koji Commit, Koji Issu...
CVE-2024-8179 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Improper output encoding could lead to XSS if CSP is not enabled...
CVE-2024-47845
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Code Injection. This issue affects Mediawiki - CSS Extension: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2...
CVE-2024-47845 CSS sanitizer used incorrectly, and is easily bypassed
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Code Injection. This issue affects Mediawiki - CSS Extension: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2...
Improper Encoding (Escaping Of Output)
Apache Airflow is vulnerable to Improper Encoding or Escaping of Output. The vulnerability is due to the example DAG example_inlet_event_extra.py allowing authenticated attackers with DAG trigger permissions to execute arbitrary commands...
Cross-Site Scripting (XSS)
typo3/cms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is caused by improper encoding of editor input, allowing authenticated editors to inject arbitrary HTML...
Improper Encoding Or Escaping Of Output
php81 is vulnerable to Improper Encoding or Escaping of Output. The vulnerability is due to insufficient escaping when using the proc_open command with array syntax, allowing malicious users to execute arbitrary commands in the Windows shell by supplying controlled arguments...
Cross-site Scripting (XSS)
typo3/cms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper encoding of user input, allowing authenticated editors to inject arbitrary HTML or JavaScript...
Cross-site Scripting (XSS)
typo3/cms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper encoding of editor input in the search result view, allowing authenticated editors to inject arbitrary HTML...
PT-2024-40148 · Packagist · Typo3/Cms-Core
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue arises from the failure to properly encode information from external sources. Specifically, the language pack handling in the install tool is susceptible to cross-site...
Cross-site Scripting (XSS)
silverstripe/framework is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper encoding of validation messages in certain FormField classes, which can present invalid content as part of the validation response resulting in XSS...
The vulnerability of the Apache Maven framework, related to improper encoding or output filtering, allows attackers to execute injection attacks through command-line interfaces.
The vulnerability of the Apache Maven framework is related to the generation of strings in double quotes without proper encapsulation. Exploiting this vulnerability allows an attacker to perform injection attacks through the command shell...
CVE-2024-34687
SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. An attacker can control code that is executed within a user’s browser, which could result in modification, deletion of data, includin...
Cross-site Scripting (XSS)
Apache Zeppelin is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper encoding or escaping of output in the helium module. An attacker can modify helium.json and perform attacks on normal users by injecting malicious scripts...
Apache Zeppelin vulnerable to cross-site scripting in the helium module
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. Attackers can modify helium.json and perform cross-site scripting attacks on normal users. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the...
Improper escaping in Apache Zeppelin
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can execute shell scripts or malicious code by overriding configuration like ZEPPELIN_INTP_CLASSPATH_OVERRIDES. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to...
CVE-2024-31868 Apache Zeppelin: XSS vulnerability in the helium module
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. Attackers can modify helium.json and expose normal users to XSS attacks. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue...