Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-116

CWE-116

High likelihood

Improper Encoding or Escaping of Output

Parent: CWE-707 - Improper Neutralization

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

446 vulnerabilities with CWE-116

CVE-2022-39956 HIGH

OWASP ModSecurity Core Rule Set 3.0.0-3.2.1 & 3.3.2 - Bypass via Character Encoding in MIME Headers

CVE-2022-36100 CRITICAL

XWiki Platform <14.4 - Code Injection

CVE-2022-36099 CRITICAL

XWiki Platform Wiki UI Main Wiki <13.10.6-14.4 - Code Injection

CVE-2022-35153 CRITICAL

FusionPBX 5.0.1 - OS Command Injection via Fax Send Endpoint

CVE-2022-2619 MEDIUM

Google Chrome < 104.0.5112.79 - Script Injection via Malicious Extension

CVE-2022-2241 MEDIUM

Featured Image from URL (FIFU) < 4.0.1 - Cross-Site Request Forgery and Stored Cross-Site Scripting

CVE-2022-36446 CRITICAL

Webmin < 1.997 - Remote Code Execution via Unescaped UI Command

CVE-2022-2099 MEDIUM

WooCommerce < 6.6.0 - Stored Cross-Site Scripting in Payment Gateway Titles

CVE-2022-20230 MEDIUM

Android - Local Information Disclosure via KeyChain choosePrivateKeyAlias

CVE-2022-34820 HIGH

SIMATIC and SIPLUS CP Firmware - Remote Code Execution via Authentication Field Injection

CVE-2022-32549 MEDIUM

Apache Sling Commons Log <= 5.4.0 & Apache Sling API <= 2.25.0 - Co...

motor-admin <0.2.56 - Host Header Injection

CVE-2022-29258 HIGH

XWiki Platform <12.10.11-14.0-rc-1-13.4.7-13.10.3 - XSS

CVE-2022-29252 HIGH

XWiki Platform Wiki UI Main Wiki <5.3-milestone-2 - XSS

CVE-2022-29251 HIGH

XWiki Platform Flamingo Theme UI <12.10.11,14.0-rc-1,13.4.7,13.10.3...

CVE-2022-29599 CRITICAL

Apache Maven maven-shared-utils <3.3.3 - Command Injection

CVE-2022-28960 HIGH

SPIP < 3.2.8 - Remote Code Execution via _oups Parameter

CVE-2022-30966 MEDIUM

Jenkins Random String Parameter Plugin <1.0 - XSS

CVE-2022-30781 HIGH

Gitea < 1.16.7 - Remote Code Execution via Git Fetch Remote

CVE-2022-0935 HIGH

livehelperchat/livehelperchat <3.97 - SSRF

CVE-2022-0741 MEDIUM

GitLab 10.0.0-14.6.5 - Environment Variable Exposure via Sendmail Email Address Injection

CVE-2022-0450 MEDIUM

Menu Image Icons made easy <3.0.6 - CSRF

CVE-2022-26174 CRITICAL

Beekeeper Studio < 3.7.10 - Remote Code Execution via Display Field Injection

CVE-2022-22734 MEDIUM

Simple Quotation < 1.3.2 - Cross-Site Scripting via Quote Creation/Editing

CVE-2022-22151 HIGH

Yokogawa Electric - Info Disclosure

Previous Page 13 of 18 Next

Details

Vulnerabilities 446

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy