Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-116

CWE-116

High likelihood

Improper Encoding or Escaping of Output

Parent: CWE-707 - Improper Neutralization

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

446 vulnerabilities with CWE-116

CVE-2023-6005 MEDIUM

EventON WordPress plugin <4.5.5-2.2.7 - XSS

CVE-2023-52102 HIGH

Huawei EMUI and HarmonyOS - Information Disclosure via WMS Module Parameter Verification

CVE-2023-52098 HIGH

Huawei DMS Module - Denial of Service

CVE-2023-42183 MEDIUM

lockss-daemon <1.77.3 - Auth Bypass

CVE-2023-45539 HIGH

HAProxy < 2.8.2 - Improper URI Component Handling via Fragment Identifier

CVE-2023-26279 LOW

IBM QRadar WinCollect Agent <10.1.7 - Privilege Escalation

CVE-2023-38316 CRITICAL

OpenNDS Captive Portal <10.1.2 - Command Injection

CVE-2023-48655 CRITICAL

MISP < 2.4.176 - SQL Injection via Improper Filtering of Query Parameters

CVE-2023-40453 MEDIUM

Docker Machine < 0.16.2 - Escape Sequence Injection and Denial of Service via Crafted Version Data

CVE-2023-5968 MEDIUM

Mattermost - Exposure of Sensitive Information via User Object Sanitization Failure

CVE-2023-4393 MEDIUM

LiquidFiles <3.7.13 - Command Injection

CVE-2023-45135 CRITICAL

XWiki Platform 7.2-milestone-2-14.10.12 - Remote Code Execution via Page Creation Title Parameter

CVE-2023-46301 CRITICAL

iTerm2 < 3.4.20 - Remote Code Execution via Escape Sequence Mishandling

CVE-2023-46300 CRITICAL

iTerm2 < 3.4.20 - Remote Code Execution via tmux Escape Sequence Mishandling

CVE-2023-5654 MEDIUM

React Developer Tools <= 4.28.4 - Browser-Mediated Arbitrary URL Fetch

CVE-2023-43620 HIGH

schollz/croc < 9.6.5 and >=0 < 9.6.16 - Terminal Injection via ANSI/CSI Escape Sequences in Filename

CVE-2023-41889 MEDIUM

SHIRASAGI <1.18.0 - Info Disclosure

CVE-2023-37875 LOW

Wing FTP Server <= 7.2.0 - Cross-Site Scripting in User Web Client

CVE-2023-4571 HIGH

Splunk IT Service Intelligence <4.13.3, 4.15.3, 4.17.1 - Code Injec...

CVE-2023-3481 MEDIUM

Critters 0.0.17-0.0.19 - Cross-Site Scripting in HTML Parser

CVE-2023-39390 HIGH

Window Management Module - Info Disclosure

CVE-2023-39386 HIGH

Huawei EMUI and HarmonyOS - Denial of Service via PMS Module Input Parameter

CVE-2023-39382 HIGH

Huawei EMUI and HarmonyOS - Denial of Service via Audio Module Input Verification

CVE-2023-39381 HIGH

Huawei EMUI and HarmonyOS - Input Verification Vulnerability in Storage Module

CVE-2023-40014 MEDIUM

OpenZeppelin Contracts <4.9.3 - Info Disclosure

Previous Page 10 of 18 Next

Details

Vulnerabilities 446

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy