EUVD-2023-30102

Malicious code in bioql PyPI...

EUVD-2024-53074

Malicious code in bioql PyPI...

Improper Encoding or Escaping of Output

Overview get-jwks is a Fetch utils for JWKS keys Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the getPublicKey process. An attacker can bypass issuer validation and gain unauthorized access by poisoning the JWKS cache with a crafted public key an...

WSO2 Identity Server 安全漏洞

WSO2 Identity Server IS is an identity server from the US-based WSO2 Inc. A security vulnerability exists in WSO2 Identity Server IS that stems from improperly encoded output and could lead to a reflective cross-site scripting attack...

CVE-2025-46703

Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice Extension:AtMentions allows Cross-Site Scripting XSS. This issue affects BlueSpice: from 5 through 5.1.1...

CVE-2025-57880

Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice Extension:BlueSpiceWhoIsOnline allows Cross-Site Scripting XSS. This issue affects BlueSpice: from 5 through 5.1.1...

CVE-2025-48007

Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice Extension:BlueSpiceAvatars allows Cross-Site Scripting XSS. This issue affects BlueSpice: from 5 through 5.1.1...

CVE-2025-46703

Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice Extension:AtMentions allows Cross-Site Scripting XSS. This issue affects BlueSpice: from 5 through 5.1.1...

CVE-2025-48007

Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice Extension:BlueSpiceAvatars allows Cross-Site Scripting XSS. This issue affects BlueSpice: from 5 through 5.1.1...

CVE-2025-57880

The CVE-2025-57880 entry concerns an XSS vulnerability in Hallo Welt! GmbH BlueSpice, specifically the BlueSpiceWhoIsOnline extension . Affected are BlueSpice versions 5 through 5.1.1 where improper encoding/escaping of output may allow script execution. The root cause is an output encoding flaw ...

CVE-2025-57880 Potential XSS in Extension:BlueSpiceWhoIsOnline

Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice Extension:BlueSpiceWhoIsOnline allows Cross-Site Scripting XSS. This issue affects BlueSpice: from 5 through 5.1.1...

CVE-2025-48007 Potential XSS in Extension:BlueSpiceAvatars

Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice Extension:BlueSpiceAvatars allows Cross-Site Scripting XSS. This issue affects BlueSpice: from 5 through 5.1.1...

CVE-2025-48007

CVE-2025-48007 affects Hallo Welt! GmbH BlueSpice (Extension:BlueSpiceAvatars) with versions 5 through 5.1.1. The issue is an improper encoding or escaping of output that enables Cross-Site Scripting (XSS). The connected sources consistently describe the vulnerability as an XSS in BlueSpice 5–5.1...

PT-2025-38532

Name of the Vulnerable Software and Affected Versions BlueSpice versions 5 through 5.1.1 Description An improper encoding or escaping of output issue exists in the AtMentions extension of BlueSpice, which can lead to Cross-Site Scripting XSS. Recommendations Update BlueSpice to a version later th...

BlueSpice 安全漏洞

BlueSpice is free Wiki software from BlueSpice based on the MediaWiki engine. A security vulnerability exists in BlueSpice versions 5 through 5.1.1, which stems from improper output encoding or escaping and could lead to cross-site scripting attacks...

PT-2025-37992

Name of the Vulnerable Software and Affected Versions HumanSuite versions prior to 53.21.0 Description HumanSuite is susceptible to multiple issues including improper encoding or escaping of output, improper neutralization of special elements in output used by a downstream component injection,...

Improper Encoding or Escaping of Output

Overview org.webjars.npm:element-plus is an A Component Library for Vue 3 Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the href attribute handling in the el-link component. An attacker can execute arbitrary scripts, redirect users to malicious...

The vulnerability of Mozilla Firefox and Firefox ESR browsers relates to improper encoding or filtering of output data. This allows attackers to bypass existing security restrictions and redirect users to another website.

The vulnerability of Mozilla Firefox and Firefox ESR browsers is related to improper encoding or evasion of output data during the processing of the embed tag. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and redirect users to another website...

The vulnerability of the IBM Guardium Data Protection platform regarding data security protection, which stems from improper encoding or hiding of output data, allows attackers to load arbitrary files.

The vulnerability of the IBM Guardium Data Protection platform regarding data security protection is related to improper encoding or hiding of output data. Exploiting this vulnerability allows a malicious actor to remotely upload arbitrary files...

CVE-2024-31868

Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can modify helium.json and exposure XSS attacks to normal users. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue...