Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-116

CWE-116

High likelihood

Improper Encoding or Escaping of Output

Parent: CWE-707 - Improper Neutralization

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

446 vulnerabilities with CWE-116

CVE-2023-0595 MEDIUM

EcoStruxure Geo SCADA Expert <October 2022 - Info Disclosure

CVE-2022-22399 MEDIUM

IBM Aspera Faspex <5.0.1 - HTTP Header Injection

CVE-2022-36392 HIGH

Intel(R) AMT & Intel(R) Standard Manageability <11.8.94-16.1.27 - DoS

CVE-2022-43713 HIGH

GX Software XperienCentral <10.35.0 - Info Disclosure

CVE-2022-31458 MEDIUM

RTX TRAP v1.0 - Host Header Injection

CVE-2022-30351 HIGH

PDFZorro Online r20220428 - Info Disclosure

CVE-2022-46387 CRITICAL

Cmder < 1.3.2 and ConEmu < 22.08.07 - Command Injection via Terminal Title Control Characters

CVE-2022-42948 CRITICAL KEV

Cobalt Strike 4.7.1 - Remote Code Execution via HTML Injection in Swing UI

CVE-2022-48339 HIGH

GNU Emacs < 28.2 - OS Command Injection in htmlfontify.el

CVE-2022-45102 MEDIUM

Dell EMC Data Protection Central <19.7 - Host Header Injection

CVE-2022-45143 HIGH

Apache Tomcat <10.1.1 - Info Disclosure

CVE-2022-28284 HIGH

Firefox < 99.0 - Cross-Site Scripting via SVG Use Element

CVE-2022-22744 HIGH

Firefox < 96.0 and Firefox ESR < 91.5 - Command Injection via DevTools Copy as curl

CVE-2022-43543 MEDIUM

docomo/softbank/kddi +Message < 3.9.4 - URL Spoofing via Unicode Control Character Mishandling

CVE-2022-43883 MEDIUM

IBM Cognos Analytics <11.2.1 - Log Injection

CVE-2022-41934 CRITICAL

XWiki Platform < 13.10.8 - Authenticated Remote Code Execution via Menu Macro Injection

CVE-2022-40870 HIGH

Parallels Remote Application Server <18.0 - Command Injection

CVE-2022-0421 MEDIUM

Five Star Restaurant Reservations WP <2.4.12 - XSS

CVE-2022-4011 MEDIUM

Simple History Plugin - Info Disclosure

CVE-2022-34316 LOW

IBM CICS TX 11.1 - Cross-Site Scripting via HTTP Headers

CVE-2022-3941 MEDIUM

Activity Log Plugin - Info Disclosure

CVE-2022-41443 CRITICAL

phpipam 1.5.0 - Header Injection via ripe-query.php Component

CVE-2022-41322 HIGH

kitty < 0.26.2 - Remote Code Execution via Desktop Notification Escape Sequence

CVE-2022-39958 HIGH

OWASP ModSecurity Core Rule Set 3.0.0-3.2.1 and 3.3.2 - Response Body Exfiltration via HTTP Range Header Bypass

CVE-2022-39957 HIGH

OWASP ModSecurity Core Rule Set - Auth Bypass

Previous Page 12 of 18 Next

Details

Vulnerabilities 446

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy