245 matches found
CVE-2023-3668
CVE-2023-3668 affects Froxlor (froxlor/froxlor) prior to version 2.0.21. The root cause is an improper encoding or escaping of output in the repository, which enables a command-execution vulnerability. Multiple sources confirm the impact as command execution in versions before 2.0.21. Remediation...
PT-2023-25676 · Froxlor · Froxlor
Name of the Vulnerable Software and Affected Versions: froxlor versions prior to 2.0.21 Description: The issue is related to improper encoding or escaping of output in the GitHub repository froxlor/froxlor. Recommendations: For versions prior to 2.0.21, update to version 2.0.21 or later to resolv...
CVE-2023-2200 Improper Encoding or Escaping of Output in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to inject HTML in an email address field...
CVE-2023-3552
Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.10...
CVE-2023-3552
The CVE-2023-3552 entry concerns TeamPass (nilsteampassnet/teampass) prior to version 3.0.10, where improper encoding or escaping of output enables cross-site scripting in folder names. The root cause is insufficient encoding/escaping of outputs, allowing injection of malicious content into the i...
PT-2023-25222 · Teampass · Teampass
Name of the Vulnerable Software and Affected Versions: TeamPass versions prior to 3.0.10 Description: The issue is related to improper encoding or escaping of output, which can lead to cross-site scripting filter bypass in folder names, potentially resulting in information disclosure...
CVE-2023-35890
CVE-2023-35890 affects IBM WebSphere Application Server 8.5 and 9.0. the issue is weaker-than-expected security caused by improper encoding in a local configuration file. IBM advisories link to fixes/upgrades; remediation varies by product: ITNCM (IBM Tivoli Netcool Configuration Manager) 6.4.2: ...
IBM WebSphere Application Server 8.5.5.23 < 8.5.5.24 / 9.0.5.15 < 9.0.5.17 (7007857)
The IBM WebSphere Application Server running on the remote host is affected by a improper encoding flaw. IBM WebSphere Application Server 8.5 and 9.0 traditional could provide weaker than expected security, caused by the improper encoding in a local configuration file. Note that Nessus has not...
CVE-2023-3190
Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.9...
CVE-2023-3190 Improper Encoding or Escaping of Output in nilsteampassnet/teampass
Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.9...
PT-2023-23506 · Teampass · Teampass
Name of the Vulnerable Software and Affected Versions: teampass versions prior to 3.0.9 Description: The issue is related to improper encoding or escaping of output in the GitHub repository nilsteampassnet/teampass. This may have led to stored cross-site scripting XSS vectors in the application d...
PT-2023-8824 · Unem +1 · Unem +1
Name of the Vulnerable Software and Affected Versions: FOXMAN-UN versions R9C through R16A UNEM versions R9C through R16A Description: A vulnerability exists in the FOXMAN-UN and UNEM logging component, affecting systems that use remote authentication to the network elements. If exploited, an...
Improper Encoding or Escaping of Output
Overview std/html/template is a Go standard library package std/html/template Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output. Go Vulnerability Report:Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing...
Improper Encoding
Flatpak is vulnerable to Improper Encoding. A malicious attacker to craft a flatpack app with elevated permisions and hide them from its users which is resulted due to improper encoding...
Moodle Improper Encoding or Escaping of Output
Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account...
GHSA-5FP8-C45M-256P Improper Encoding or Escaping of Output in Apache Superset
Improper output neutralization for Logs. A specific Apache Superset HTTP endpoint allowed for an authenticated user to forge log entries or inject malicious content into logs...
Improper Encoding or Escaping of Output in Apache Superset
Improper output neutralization for Logs. A specific Apache Superset HTTP endpoint allowed for an authenticated user to forge log entries or inject malicious content into logs...
CVE-2021-23283
Eaton Intelligent Power Protector IPP prior to version 1.69 is vulnerable to stored Cross Site Scripting. The vulnerability exists due to insufficient validation of user input and improper encoding of the output for certain resources within the IPP software...
Cross site scripting
Eaton Intelligent Power Protector IPP prior to version 1.69 is vulnerable to stored Cross Site Scripting. The vulnerability exists due to insufficient validation of user input and improper encoding of the output for certain resources within the IPP software...
GHSA-785X-QW4V-6872 Improper Output Neutralization and Improper Encoding or Escaping of Output for Logs in ansible
An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri...