Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-116

CWE-116

High likelihood

Improper Encoding or Escaping of Output

Parent: CWE-707 - Improper Neutralization

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

446 vulnerabilities with CWE-116

CVE-2022-25235 CRITICAL

libexpat < 2.4.5 - Improper Encoding or Escaping of Output

CVE-2022-23620 MEDIUM

XWiki < 13.6 - Path Traversal via SSX Document Reference Export

CVE-2022-24682 MEDIUM KEV

Zimbra Collaboration Suite <8.8.15 patch 30 (update 1) - XSS

CVE-2022-0220 MEDIUM

WordPress GDPR & CCPA < 1.9.26 - Unauthenticated Stored Cross-Site Scripting via check_privacy_settings AJAX Action

CVE-2022-23603 CRITICAL

iTunesRPC-Remastered - Code Injection

CVE-2022-22992 HIGH

Western Digital My Cloud OS < 5.19.117 - Remote Code Execution via Improper Shell Argument Escaping

CVE-2022-0210 MEDIUM

Random Banner WordPress <4.1.4 - XSS

CVE-2022-0124 MEDIUM

GitLab <14.4.5, 14.5.0-14.5.3, 14.6.0-14.6.1 - Open Redirect

CVE-2021-47694 MEDIUM

Nagios XI < 5.8.6 - Reflected Cross-Site Scripting via CCM Test Command

CVE-2021-25262 MEDIUM

Yandex Browser for Android <21.3.0 - Open Redirect

CVE-2021-25254 MEDIUM

Yandex Browser Lite for Android < 21.1.0 - Address Bar Spoofing

CVE-2021-38997 MEDIUM

IBM API Connect <10.0.5.0 - HTTP Header Injection

CVE-2021-42010 CRITICAL

Apache Heron <= 0.20.4-incubating - CRLF Log Injection

CVE-2021-40694 MEDIUM

moodle < 3.9.10 - Unauthenticated Arbitrary File Read via LaTeX Preamble

CVE-2021-4041 HIGH

ansible-runner < 2.1.0 - Command Injection via Improper Shell Command Escaping

CVE-2021-23266 MEDIUM

Crafter CMS 3.1-3.1.17 - Unauthenticated Log Injection via URL Parameter

CVE-2021-39027 MEDIUM

IBM Guardium Data Encryption <5.0.0 - Info Disclosure

CVE-2021-29854 HIGH

IBM Maximo Asset Management 7.6.1.1-7.6.1.2 - HTTP Header Injection via HOST Header

CVE-2021-45848 HIGH

nicotine+ 3.0.3-3.2.1 - Denial of Service via File Path Null Character

CVE-2021-43106 MEDIUM

Compass Plus TranzWare Online FIMI Web Interface <5.3.33.3 F38 & FI...

CVE-2021-45226 MEDIUM

COINS Construction Cloud <11.12 - Open Redirect

CVE-2021-29872 MEDIUM

IBM Cloud Pak for Automation 21.0.1-21.0.2 - HTTP Header Injection via HOST Header

CVE-2021-4068 MEDIUM

Google Chrome < 96.0.4664.93 - Cross-Origin Data Leak via New Tab Page

CVE-2021-0933 HIGH

Android - Remote Escalation of Privilege via Bluetooth Pairing Dialog HTML Injection

CVE-2021-44042 CRITICAL

UiPath Assistant - Stored Cross-Site Scripting via URI Handler Error Message

Previous Page 14 of 18 Next

Details

Vulnerabilities 446

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy