564 matches found
EyouCms v1.6.2 - Cross-Site Scripting
EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting XSS vulnerability via the component /admin/twitter.php?activet. id: CVE-2023-41597 info: name: EyouCms v1.6.2 - Cross-Site Scripting author: ritikchaddha severity: medium description: | EyouCms v1.6.2 was discovered to...
SuperWebMailer 9.00.0.01710 - Cross-Site Scripting
An issue was discovered in SuperWebMailer 9.00.0.01710 allowing XSS via crafted incorrect passwords. id: CVE-2023-38192 info: name: SuperWebMailer 9.00.0.01710 - Cross-Site Scripting author: ritikchaddha severity: medium description: | An issue was discovered in SuperWebMailer 9.00.0.01710 allowi...
SuperWebMailer - Cross-Site Scripting
An issue was discovered in SuperWebMailer 9.00.0.01710 that allows keepalive.php XSS via a GET parameter. id: CVE-2023-38194 info: name: SuperWebMailer - Cross-Site Scripting author: ritikchaddha severity: medium description: | An issue was discovered in SuperWebMailer 9.00.0.01710 that allows...
ROS-20260629-73-0006
The vulnerability in ImageMagick 7 is related to a lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...
Tridium Niagara Improper Encoding or Escaping of Output (CVE-2025-3942)
Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara...
CVE-2026-56347
AVideo TopMenu plugin through version 26.0 contains a stored cross-site scripting vulnerability in menu item rendering due to missing output encoding of icon classes, URLs, and text labels. Attackers can inject malicious JavaScript through unescaped menu item fields that execute for all site...
EUVD-2026-38134
AVideo TopMenu plugin through version 26.0 contains a stored cross-site scripting vulnerability in menu item rendering due to missing output encoding of icon classes, URLs, and text labels. Attackers can inject malicious JavaScript through unescaped menu item fields that execute for all site...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-11.0.18.jar
Summary IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-11.0.18.jar Vulnerability Details CVEID:CVE-2026-29146 DESCRIPTION: Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1...
Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Authentication, Insertion of Sensitive Information into Log File, Improper Encoding or Escaping of Output (CVE-2026-34500, CVE-2026-34487, CVE-2026-34483)
Summary There are vulnerabilities in tomcat-embed-core-10.1.52.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-34500, CVE-2026-34487, CVE-2026-34483. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-34483 DESCRIPTION: Improper Encoding or Escaping...
Improper Encoding or Escaping of Output
Overview org.webjars.npm:fabric is an Object model for HTML5 canvas, and SVG-to-canvas parser. Backed by jsdom and node-canvas. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the toSVG and getSvgStyles/getSvgSpanStyles paths in the gradient, object...
CVE-2026-46609
Umbraco is an ASP.NET CMS. From version 14.0.0 to before version 17.4.0, authenticated users are able to inject HTML into an input field, which is rendered in the confirmation dialog without proper output encoding. This issue has been patched in version 17.4.0...
The vulnerability of the Go programming language lies in improper encoding or encapsulation of output data, allowing attackers to gain access to and modify these data.
The vulnerability of the Go programming language is related to incorrect encoding or escaping of output data when processing the tag’s type attribute. Exploiting this vulnerability can allow an attacker to gain read and modify access to data remotely...
Twig: XSS in profiler HtmlDumper via unescaped template and profile names
Description Twig\Profiler\Dumper\HtmlDumper writes Profile::getTemplate and Profile::getName straight into its HTML output without escaping: php protected function formatTemplateProfile $profile, $prefix: string return \sprintf'%s└ %s', $prefix, self::$colors'template', $profile-getTemplate; The...
GHSA-2G2G-8P8H-FGWM Twig: XSS in profiler HtmlDumper via unescaped template and profile names
Description Twig\Profiler\Dumper\HtmlDumper writes Profile::getTemplate and Profile::getName straight into its HTML output without escaping: php protected function formatTemplateProfile $profile, $prefix: string return \sprintf'%s└ %s', $prefix, self::$colors'template', $profile-getTemplate; The...
CVE-2025-10503
The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the injection of malicious JavaScript payloads, enabling reflected cross-site scripting. An attacker can leverage this...
CVE-2024-4867
The WSO2 API Manager developer portal accepts user-supplied input without enforcing expected validation constraints or proper output encoding. This deficiency allows a malicious actor to inject script content that is executed within the context of a user's browser. By leveraging this cross-site...
CVE-2026-36460
CVE-2026-36460 affects Dovestones Softwares ADPhonebook prior to v4.0.1.1. The issue is a Cross Site Scripting flaw in the /Admin/Save API where an authenticated admin can store malicious JavaScript payloads in multiple configuration sections due to missing input validation or output encoding. Af...
EUVD-2026-34140
Dovestones Softwares ADPhonebook before v4.0.1.1 is vulnerable to a Cross Site Scripting vulnerability. The /Admin/Save API allows an authenticated admin user to store malicious JavaScript payloads in multiple configuration sections without proper input validation or output encoding...
LTD_Communication
LTD Communication — Cybersecurity Course Project Vulnerable...
Improper Encoding or Escaping of Output
Overview symfony/symfony is a PHP framework for web applications and a set of reusable PHP components. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the UrlGenerator due to incorrectly encoding chained dot-segments ../ or ./. The legacy...