CWE-116

Exploit likelihood: High

Improper Encoding or Escaping of Output

Parent: CWE-707 - Improper Neutralization

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

446 vulnerabilities with CWE-116
CVE-2026-45011 HIGH
Apostrophe has stored XSS via javascript: URL in Image Widget Link
CVSS 7.3
CVE-2026-54133 CRITICAL
jmespath.php has CompilerRuntime code injection via unescaped function names
CVSS 9.8
CVE-2026-48485 LOW
Quest Bot: Stored warn reasons can still trigger bot-powered mass mentions through `/warns`.
CVE-2026-47188 LOW
Quest Bot: Unban and unwarn reason fields still allow bot-powered mass mentions.
CVE-2026-47175 LOW
Quest Bot: Moderation reason fields allow bot-powered `@everyone` / `@here` pings
CVE-2026-47173 MEDIUM
Quest Bot: Ticket reason allows mass-mention injection
CVE-2026-47171 HIGH
Quest Bot: Reminder messages allow stored mass mentions through `@everyone` and `@here`
CVE-2026-42558 HIGH
Xibo Vulnerable to Stored XSS and Iframe Sandbox Escape via Data Connector Script in DataSet
CVSS 7.6
CVE-2026-53693 MEDIUM
MISP BSimVis stored cross-site scripting in tag and cluster rendering paths via unescaped tag metadata and UI labels
CVE-2026-49472 MEDIUM
FreeSWITCH includes a vulnerable function, PREFIX(prologTok)() from libexpat
CVSS 5.3
CVE-2026-8795 HIGH
Rapid7 Velociraptor < 0.76.6 - Improper Encoding or Escaping of Output
CVSS 7.8
CVE-2026-46496 CRITICAL
HAX CMS: Stored XSS via '<video-player>' component allows arbitrary JavaScript execution and token theft
CVE-2026-20245 HIGH KEV
Cisco Catalyst SD-WAN Controller Authenticated Privilege Escalation Vulnerability
CVSS 7.8
CVE-2026-42321 HIGH
GLPI has stored XSS in asset locks
CVE-2026-48598 LOW
CRLF injection in Tesla.Multipart disposition parameters allows multipart part header injection
CVE-2026-48209 HIGH
OTRS - Reflected XSS in Authenticated Agent Context
CVSS 7.1
CVE-2026-44713 HIGH
pam_usb: Command injection via $TMUX environment variable leads to RCE as root
CVSS 8.8
CVE-2026-45570 CRITICAL
go-git: Improper single-quote escaping in go-git SSH transport
CVSS 9.6
CVE-2026-44972 MEDIUM
GuardDog: Unsanitized human-readable scan output allows terminal escape injection from malicious package content
CVSS 5.0
CVE-2026-9354 MEDIUM
NousResearch hermes-agent Slack Agent/Mattermost Agent escape output
CVSS 6.5
CVE-2026-26028 MEDIUM
CryptPad: Sanitizer Bypass in Diffmarked.js Allows Arbitrary HTML Injection and Potential XSS
CVSS 6.1
CVE-2026-34246 MEDIUM
CtrlPanel: Stored XSS in Admin Role Management via Unescaped DataTable HTML Output
CVSS 4.8
CVE-2026-44429 MEDIUM
MCP Registry: Stored XSS in catalogue UI via attribute-quote breakout in publisher-controlled `websiteUrl`
CVSS 5.4
CVE-2026-45375 CRITICAL
SiYuan: Bazaar marketplace renders unescaped package `name` and `version` metadata, allowing stored XSS and Electron code execution
CVSS 9.0
CVE-2026-44588 CRITICAL
SiYuan: URL-encoded title bypasses `escapeAriaLabel`, decoded by `decodeURIComponent` into a tooltip-XSS