27 matches found
BIT-GITLAB-2025-12697 Improper Encoding or Escaping of Output in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.5 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with maintainer-role permissions to reveal Datadog API credentials under certain conditions...
CVE-2026-24426
Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses without adequate escaping, allowing injection of arbitrary HTML or JavaScript in a victim’s browser...
CVE-2019-11547
An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has Improper Encoding or Escaping of Output. The branch name on new merge request notification emails isn't escaped, which could potentially lead to XSS issues...
CVE-2025-10853
Summary: CVE-2025-10853 is a reflected XSS vulnerability in the management console of multiple WSO2 products caused by improper output encoding. The issue allows a malicious actor to tamper with specific parameters to inject arbitrary JavaScript into responses, potentially leading to UI manipulat...
EUVD-2025-37927
A reflected cross-site scripting (XSS) vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor can inject arbitrary JavaScript into the response, leading to reflected XSS. Successful...
EUVD-2019-3218
Malware in sbrugna...
EUVD-2022-5861
Malicious code in bioql PyPI...
EUVD-2024-49592
Malicious code in bioql PyPI...
EUVD-2023-3289
Malicious code in bioql PyPI...
CVE-2025-2254
An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper output encoding in the snippet viewer functionality leads to cross-site scripting attacks...
CVE-2025-2254 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper output encoding in the snippet viewer functionality leads to cross-site scripting attacks...
CVE-2024-8180
An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. Improper output encoding could lead to XSS if CSP is not enabled...
Cross-site Scripting (XSS)
org.jenkins-ci.plugins:cloudbees-jenkins-advisor is vulnerable to Cross-site Scripting (XSS). The vulnerability stems from improper output encoding: responses from the Jenkins Health Advisor server are not escaped, allowing attackers to inject scripts through controlled server responses...
PT-2025-3240 · Unknown · Poll Maker
Name of the Vulnerable Software and Affected Versions: Poll Maker (affected versions not specified). Description: The issue is related to improper encoding or escaping of output in Poll Maker Team Poll Maker. This can potentially lead to security issues, but specific details about exploitation, such...
CVE-2024-8179
An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Improper output encoding could lead to XSS if CSP is not enabled...
CVE-2024-8179 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Improper output encoding could lead to XSS if CSP is not enabled...
CVE-2024-8179
Removed by vendor...
GitLab 17.3 < 17.3.7 / 17.4 < 17.4.4 / 17.5 < 17.5.2 (CVE-2024-8180)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. Improper output encoding could lead to XSS if CSP is not enable...
GHSA-C392-WHPC-VFPR Apache Airflow vulnerable to Improper Encoding or Escaping of Output
Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the...
Stored Cross Site Scripting (XSS)
WSO2 is vulnerable to Stored Cross Site Scripting (XSS). The vulnerability is due to improper output encoding. This issue can be exploited by an attacker by injecting malicious JavaScript payloads into the Registry feature of the Management Console...