245 matches found
CVE-2024-31868
CVE-2024-31868 affects Apache Zeppelin: improper encoding/escaping in the helium module enables cross-site scripting by modifying helium.json. Impact described as user-facing XSS; affects 0.8.2–0.11.0, fixed in 0.11.1. Remediation: upgrade to Zeppelin 0.11.1 or later. Other sources (Red Hat, Vera...
CVE-2024-31866 Apache Zeppelin: Interpreter download command does not escape malicious code injection
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can execute shell scripts or malicious code by overriding configuration like ZEPPELIN_INTP_CLASSPATH_OVERRIDES. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to...
PT-2024-24254 · Apache · Apache Zeppelin
Name of the Vulnerable Software and Affected Versions: Apache Zeppelin versions 0.8.2 through 0.11.0. Description: The issue is related to improper encoding or escaping of output, allowing attackers to execute shell scripts or malicious code by overriding configuration like ZEPPELIN_INTP_CLASSPATH...
Improper access control
Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message through the email subject. The vulnerability is caused by inappropriate encoding when rewriting the emai...
CVE-2023-5770 HTML injection in email body through email subject
Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message through the email subject. The vulnerability is caused by inappropriate encoding when rewriting the emai...
PT-2023-7754 · Fortinet · Fortiweb
Name of the Vulnerable Software and Affected Versions: Fortinet FortiWeb versions 6.2.0 through 6.2.8; Fortinet FortiWeb versions 6.3.0 through 6.3.23; Fortinet FortiWeb versions 7.0.0 through 7.0.9; Fortinet FortiWeb versions 7.2.0 through 7.2.5; Fortinet FortiWeb version 7.4.0. Description: The issu...
GHSA-PR4W-M4RP-GP87 PHPMemcachedAdmin vulnerable to cross-site scripting (XSS) via improper encoding
A critical flaw has been identified in elijaa/phpmemcachedadmin affecting version 1.3.0, specifically related to a stored XSS vulnerability. This vulnerability allows malicious actors to insert a carefully crafted JavaScript payload. The issue arises from improper encoding of user-controlled...
PHPMemcachedAdmin vulnerable to cross-site scripting (XSS) via improper encoding
A critical flaw has been identified in elijaa/phpmemcachedadmin affecting version 1.3.0, specifically related to a stored XSS vulnerability. This vulnerability allows malicious actors to insert a carefully crafted JavaScript payload. The issue arises from improper encoding of user-controlled...
CVE-2023-6027
A critical flaw has been identified in elijaa/phpmemcachedadmin affecting version 1.3.0, specifically related to a stored XSS vulnerability. This vulnerability allows malicious actors to insert a carefully crafted JavaScript payload. The issue arises from improper encoding of user-controlled...
Cross site scripting
A critical flaw has been identified in elijaa/phpmemcachedadmin affecting version 1.3.0, specifically related to a stored XSS vulnerability. This vulnerability allows malicious actors to insert a carefully crafted JavaScript payload. The issue arises from improper encoding of user-controlled...
CVE-2023-26279
IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local user to perform unauthorized actions due to improper encoding. IBM X-Force ID: 248160...
Design/Logic Flaw
IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local user to perform unauthorized actions due to improper encoding. IBM X-Force ID: 248160...
CVE-2023-26279 IBM QRadar WinCollect Agent improper output encoding
IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local user to perform unauthorized actions due to improper encoding. IBM X-Force ID: 248160...
CVE-2023-26279
IBM QRadar WinCollect Agent versions 10.0–10.1.7 contain an improper encoding/escaping issue that could allow a local user to perform unauthorized actions. The issue is documented across multiple sources (Red Hat, CNVD/CNNVD mirrors, IBM X-Force). A fix is available: upgrade to WinCollect Standal...
Improper Encoding
firefox is vulnerable to Improper Encoding. The vulnerability exists due to improperly validating curl command which allows an attacker to cause unintended behavior in smart contracts that rely on the sender's accurate identification...
Honeywell Experion PKS, LX and PlantCruise Improper Encoding or Escaping of Output (CVE-2023-24480)
Controller DoS due to stack overflow when decoding a message from the server. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
Improper Encoding
openzeppelin/contracts is vulnerable to Improper Encoding. The vulnerability exists due to improperly validating ERC2771Context which allows an attacker to cause unintended behavior in smart contracts that rely on the sender's accurate identification...
Froxlor vulnerable to Improper Encoding or Escaping of Output
Improper Encoding or Escaping of Output in GitHub repository froxlor/froxlor prior to 2.0.21...
CVE-2023-3668
Improper Encoding or Escaping of Output in GitHub repository froxlor/froxlor prior to 2.0.21...
CVE-2023-3668
CVE-2023-3668 affects Froxlor (froxlor/froxlor) prior to version 2.0.21. The root cause is an improper encoding or escaping of output in the repository, which enables a command-execution vulnerability. Multiple sources confirm the impact as command execution in versions before 2.0.21. Remediation...