Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-116

CWE-116

High likelihood

Improper Encoding or Escaping of Output

Parent: CWE-707 - Improper Neutralization

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

446 vulnerabilities with CWE-116

CVE-2021-38182 HIGH

Kyma < 1.24.7 - Authenticated Privilege Escalation via Header Injection

CVE-2021-40007 MEDIUM

Huawei eCNS280_TD V100R005C10SPC650 - Information Disclosure via Improper Log Output Management

CVE-2021-43410 MEDIUM

Apache Airavata Django Portal <3c5d8c7 - Log Injection

CVE-2021-20844 MEDIUM

Yamaha RTX830, NVR510, NVR700W, RTX1210 Firmware - Authenticated Information Disclosure via HTTP Header Injection

CVE-2021-42250 MEDIUM

Apache Superset < 1.3.2 - Authenticated Log Forgery via HTTP Endpoint

CVE-2021-41232 HIGH

Thunderdome <1.16.3 - Command Injection

CVE-2021-41191 HIGH

Roblox-Purchasing-Hub <1.0.2 - Info Disclosure

CVE-2021-41132 CRITICAL

OMERO.web < 5.11.0 - Cross-Site Scripting via Improper HTML Escaping

CVE-2021-21684 MEDIUM

Jenkins Git Plugin < 4.8.2 - Stored Cross-Site Scripting via Git SHA-1 Checksum Parameter

CVE-2021-33672 CRITICAL

SAP Contact Center 700 - Stored Cross-Site Scripting and Remote Code Execution via Chat Message

CVE-2021-39170 HIGH

pimcore < 10.1.2 - Authenticated Stored Cross-Site Scripting via Custom Metadata

CVE-2021-39367 MEDIUM

Canon Oce Print Exec Workgroup 1.3.2 - Open Redirect

CVE-2021-22254 LOW

GitLab <14.1.2-14.0.7-13.12.9 - Privilege Escalation

CVE-2021-38751 MEDIUM

ExponentCMS < 2.6 - HTTP Host Header Injection in exponent_constants.php

CVE-2021-32072 MEDIUM

Mitel MiCollab <9.3 - Info Disclosure

CVE-2021-32067 MEDIUM

Mitel MiCollab <9.3 - Info Disclosure

CVE-2021-30589 MEDIUM

Google Chrome <92.0.4515.107 - CSRF

CVE-2021-32812 MEDIUM

monkshu <= 2.90 - Reflected Cross-Site Scripting via Error Response

CVE-2021-34630 MEDIUM

GTranslate < 2.8.65 - Reflected Cross-Site Scripting via REQUEST_URI Output

CVE-2021-32796 MEDIUM

xmldom < 0.7.0 - XML Injection via Improper Character Escaping

CVE-2021-20333 MEDIUM

MongoDB <3.6.20, <4.0.21, <4.2.10 - Info Disclosure

CVE-2021-30640 MEDIUM

Apache Tomcat <10.0.6, <9.0.46, <8.5.66 - Auth Bypass

CVE-2021-32679 LOW

Nextcloud Server <19.0.13, 20.0.11, 21.0.3 - Info Disclosure

CVE-2021-23205 HIGH

Gallagher Command Centre <8.40.1888-8.30.1359-8.20.1259-8.10 - Priv...

CVE-2021-20195 CRITICAL

Keycloak < 13.0.0 - Stored Cross-Site Scripting via User-Supplied Data Fields

Previous Page 15 of 18 Next

Details

Vulnerabilities 446

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy