
245 matches found

Github Security Blog
added 2022/02/09 10:0 p.m., 29 views

Improper Output Neutralization and Improper Encoding or Escaping of Output for Logs in ansible

An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri...

CVSS 5.5 | AI score 1.1 | EPSS 0.00568
Exploits 1 | References 8 | Affected Software 1
Tenable Nessus
added 2022/02/03 12:0 a.m., 43 views

Ubuntu 18.04 LTS / 20.04 LTS : Django vulnerabilities (USN-5269-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5269-1 advisory. Keryn Knight discovered that Django incorrectly handled certain template tags. A remote attacker could possibly use this issue to perform a...

CVSS 7.5 | AI score 6.8 | EPSS 0.49246
Exploits 1 | References 3
CNNVD
added 2022/02/01 12:0 a.m., 3 views

Django cross-site scripting vulnerability

Django is the Django Foundation's set of open source web application framework based on the Python language. The framework includes an object-oriented mapper, view system, template system, etc. A cross-site scripting vulnerability exists in Django, which stems from the product's % debug %...

CVSS 6.1 | AI score 5.4 | EPSS 0.03328
Exploits 1 | References 16
Veracode
added 2021/11/22 12:58 p.m., 16 views

Cross-site Scripting (XSS)

snipe-it is vulnerable to cross-site scripting attacks. The vulnerability exists because the custom field values in the API response in the transformAsset function of AssetsTransformer.php are not properly encoded, which allows an attacker to inject and execute arbitrary JavaScript...

CVSS 5.4 | AI score 3 | EPSS 0.00731
Exploits 1 | References 4 | Affected Software 1
Veracode
added 2021/10/28 3:41 a.m., 14 views

Cross-Site Scripting (XSS)

getgrav/grav is vulnerable to cross-site scripting. This is due to improper encoding of the tags, which allows an attacker to insert and execute malicious JavaScript...

CVSS 5.4 | AI score 2.5 | EPSS 0.00573
Exploits 1 | References 3 | Affected Software 1
CNNVD
added 2021/08/10 12:0 a.m., 3 views

TYPO3 cross-site scripting vulnerability

TYPO3 is a free and open source content management system framework (CMS/CMF) from the TYPO3 Association in Switzerland. TYPO3 suffers from a cross-site scripting vulnerability that stems from a failure to properly encode user input. No detailed vulnerability details are currently available...

CVSS 6.1 | AI score 5.2 | EPSS 0.00586
Exploits 0 | References 5
OpenVAS
added 2021/06/14 12:0 a.m., 19 views

nginx 0.8.41 <= 1.5.6 Improper Encoding or Escaping of Output Vulnerability

nginx is prone to an improper encoding or escaping of output vulnerability: intended restrictions can be bypassed via an unescaped space character in a URI. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the...

CVSS 7.5 | AI score 6.6 | EPSS 0.67718
Exploits 15 | References 1
OSV
added 2021/06/11 4:15 p.m., 2 views

CVE-2021-23205

Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 MR3; 8.30 versions prior to...

CVSS 8.1 | AI score 7.3 | EPSS 0.00871
Exploits 0 | References 1
NVD
added 2021/06/11 4:15 p.m., 11 views

CVE-2021-23205

Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 MR3; 8.30 versions prior to...

CVSS 8.5 | EPSS 0.00871
Exploits 0 | References 1
CVE
added 2021/06/11 3:46 p.m., 45 views

CVE-2021-23205

Gallagher Command Centre Server is affected by an improper encoding/escaping vulnerability that lets a Command Centre Operator alter the configuration of controllers and other hardware items beyond their privileges. Affected versions include Gallagher Command Centre 8.40 before 8.40.1888 (MR3), 8...

CVSS 8.5 | AI score 8 | EPSS 0.00871
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2021/06/11 3:46 p.m., 16 views

CVE-2021-23205

Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 MR3; 8.30 versions prior to...

CVSS 8.1 | AI score 8.3 | EPSS 0.00871
Exploits 0 | References 1
Gitee
added 2021/03/29 10:15 a.m., 8 views

Exploit for Improper Encoding or Escaping of Output in F5 Nginx

It is an offensive tool for various areas. The repository contains a collection of vulnerable docker environments, including: CouchDB, FFmpeg, Git, InfluxDB, Jenkins, Nginx, Oracle Java, Apache HTTP Server, GitLab, FastJSON, Jenkins, Electron. The vulnerabilities include: CVE-2016-9086 GitLab CVE-2016-10134...

CVSS 9.8 | AI score 7.5 | EPSS 0.99686
Exploits 74
CNNVD
added 2021/02/16 12:0 a.m., 3 views

Red Hat Keycloak Input Validation Error Vulnerability

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. Red Hat Keycloak has an input validation error vulnerability that arises from not properly encoding user-supplied data fields and using...

CVSS 9.6 | AI score 7.4 | EPSS 0.01249
Exploits 0 | References 2
OSV
added 2021/02/11 5:15 p.m., 2 views

CVE-2021-20405

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized activities due to improper encoding of output. IBM X-Force ID: 196183...

CVSS 7.5 | AI score 6.1 | EPSS 0.00752
Exploits 0 | References 2
NVD
added 2021/02/11 5:15 p.m., 11 views

CVE-2021-20405

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized activities due to improper encoding of output. IBM X-Force ID: 196183...

CVSS 7.5 | EPSS 0.00752
Exploits 0 | References 2
Prion
added 2021/02/11 5:15 p.m., 13 views

Design/Logic Flaw

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized activities due to improper encoding of output. IBM X-Force ID: 196183...

CVSS 5 | AI score 7.2 | EPSS 0.00752
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2021/02/11 4:30 p.m., 12 views

CVE-2021-20405

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized activities due to improper encoding of output. IBM X-Force ID: 196183...

CVSS 3.1 | AI score 7.3 | EPSS 0.00752
Exploits 0 | References 2
CVE
added 2021/02/11 4:30 p.m., 49 views

CVE-2021-20405

CVE-2021-20405 affects IBM Security Verify Information Queue (ISIQ) versions 1.0.6 and 1.0.7. The root cause is improper encoding of output in web error/message handling, which could allow a user to perform unauthorized activities or disclose information via improperly encoded responses. IBM’s bu...

CVSS 7.5 | AI score 7.2 | EPSS 0.00752
Exploits 0 | References 2 | Affected Software 1
IBM Security Bulletins
added 2021/02/10 6:5 p.m., 22 views

Security Bulletin: IBM Security Verify Information Queue does not properly encode error messages sent to web users (CVE-2021-20405)

Summary: When an error occurs while using the IBM Security Verify Information Queue (ISIQ) web application, the status messages sent back to the user are not properly encoded. This could lead to information disclosure, which could then be leveraged in a phishing attack. As of v10.0.0, the ISIQ web...

CVSS 7.5 | AI score 0.7 | EPSS 0.00752
Exploits 0 | Affected Software 1
Gitee
added 2020/07/30 7:50 p.m., 8 views

Exploit for Improper Encoding or Escaping of Output in F5 Nginx

It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID is not explicitly mentioned, but the repository contains various vulnerable environments, including ones related to CVE-2016-9086, CVE-2017-1000353, CVE-2013-4547, and CVE-2018-1000006. The target...

CVSS 9.8 | AI score 8.2 | EPSS 0.99686
Exploits 53