VYPR

CWE-116

Improper Encoding or Escaping of Output

Abstraction: Class · Status: Draft · Likelihood of exploit: High

Description

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.
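The following Python is an added example, not code from the CWE entry or from any project listed on this page. It shows the weakness in the shell-command context that several of the mapped CVEs (Accellion FTA, PGObject::Util::DBAdmin, go-git) fall into: a builder that wraps an attacker-controlled repository path in single quotes without escaping quotes embedded in it, beside a builder that uses shlex.quote. The command name git-upload-pack, the repository paths and the injected payload are assumptions constructed for the example. The check parses the assembled command the way a POSIX shell tokenises words and compares the argv the shell would see with the argv the builder intended, which is exactly the "intended structure of the message is not preserved" condition in the description.

```python
# Added example for CWE-116; not code from the CWE entry or any listed
# project. COMMAND, the paths and MALICIOUS_PATH are constructed here.
import shlex
import subprocess

COMMAND = "git-upload-pack"  # assumed remote command name


def naive_quote(value: str) -> str:
    """Wrap value in single quotes WITHOUT escaping quotes inside it.

    This is the CWE-116 pattern: the builder assumes the quotes it adds
    delimit one argument, but a single quote inside `value` closes the
    quoted region early and the rest is parsed as shell syntax.
    """
    return "'" + value + "'"


def build_command_naive(repo_path: str) -> str:
    return f"{COMMAND} {naive_quote(repo_path)}"


def build_command_safe(repo_path: str) -> str:
    # shlex.quote emits a single-quoted literal in which every embedded
    # single quote becomes '"'"' (close, double-quoted quote, reopen),
    # so the shell sees exactly one word whatever the value contains.
    return f"{COMMAND} {shlex.quote(repo_path)}"


def structure_preserved(command: str, expected_argv: list) -> bool:
    """Tokenise the assembled command as a POSIX shell would and report
    whether the resulting argv is the one the builder intended."""
    try:
        argv = shlex.split(command)
    except ValueError:  # unbalanced quoting: structure destroyed as well
        return False
    return argv == expected_argv


def check_builder(builder, repo_path: str) -> bool:
    return structure_preserved(builder(repo_path), [COMMAND, repo_path])


# Constructed attacker-controlled path: it balances the naive quotes so
# the shell accepts the line, then appends its own commands.
MALICIOUS_PATH = "repo.git'; printf INJECTED; printf '"
BENIGN_PATH = "org/repo.git"


def demo() -> dict:
    """Structural verdict for each builder on a benign and a hostile path."""
    return {
        "naive_benign": check_builder(build_command_naive, BENIGN_PATH),
        "naive_malicious": check_builder(build_command_naive, MALICIOUS_PATH),
        "safe_benign": check_builder(build_command_safe, BENIGN_PATH),
        "safe_malicious": check_builder(build_command_safe, MALICIOUS_PATH),
    }


def run_in_shell(quoted_arg: str) -> str:
    """Feed the quoted argument to /bin/sh via printf, so the effect of
    broken quoting is visible without touching the filesystem."""
    out = subprocess.run(["sh", "-c", "printf '%s|' " + quoted_arg],
                         capture_output=True, text=True, check=False)
    return out.stdout


if __name__ == "__main__":
    print(demo())
    # naive prints "repo.git|INJECTED": the injected printf ran as a
    # separate command; safe prints the whole path as one argument.
    print("naive:", run_in_shell(naive_quote(MALICIOUS_PATH)))
    print("safe :", run_in_shell(shlex.quote(MALICIOUS_PATH)))
```

Two caveats a reviewer would raise. First, escaping correctly is the fallback, not the first choice: where the API allows it, pass an argv list to subprocess without a shell, or a parameterised query, or a DOM API that sets text rather than markup, and the question of escaping disappears. Second, correct escaping preserves the structure of the message but says nothing about the meaning of the value inside it; the HAX CMS entry below, where a well-formed attribute value carries a javascript: URI, is a case where context-aware encoding is satisfied and the output is still dangerous, so validating the value (for a URL, an allow-list of schemes) is a separate control.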

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-104 · CAPEC-73 · CAPEC-81 · CAPEC-85

CVEs mapped to this weakness (216)

page 1 of 11
  • CVE-2017-8303 · Critical · May 5, 2017
    risk 0.66 · CVSS 9.8 · EPSS 0.24

    An issue was discovered on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows Remote Code Execution with shell metacharacters in the method parameter.

  • CVE-2026-54133 · Critical · Jun 12, 2026
    risk 0.64 · CVSS 9.8 · EPSS 0.00

    jmespath.php allows users to use JMESPath, software for declaratively specifying how to extract elements from a JSON document, in PHP applications with PHP data structures. Versions prior to 2.9.1 can generate and execute attacker-controlled PHP code when…

  • CVE-2025-49013 · Critical · Jun 9, 2025
    risk 0.64 · CVSS 9.9 · EPSS 0.01

    WilderForge is a Wildermyth coremodding API. A critical vulnerability has been identified in multiple projects across the WilderForge organization. The issue arises from unsafe usage of `${{ github.event.review.body }}` and other user controlled variables directly inside shell…

  • CVE-2018-9246 · Critical · Jun 8, 2018
    risk 0.64 · CVSS 9.8 · EPSS 0.03

    The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore()…

  • CVE-2026-20245 · High · KEV · Jun 4, 2026
    risk 0.63 · CVSS 7.8 · EPSS 0.10

    A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an authenticated, local attacker to execute arbitrary commands…

  • CVE-2024-7873 · Critical · Sep 17, 2024
    risk 0.61 · CVSS n/a · EPSS 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Encoding or Escaping of Output, CWE-83 Improper Neutralization of Script in Attributes in a Web Page vulnerability in Veribilim Software Veribase Order allows Stored XSS,…

  • CVE-2026-46496 · Critical · Jun 5, 2026
    risk 0.60 · CVSS n/a · EPSS 0.00

    HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 26.0.0 due to improper sanitization of the `` component. The component allows `javascript:` URIs in the `source`…

  • CVE-2025-55730 · Critical · Sep 9, 2025
    risk 0.58 · CVSS 10.0 · EPSS 0.01

    XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the title in the confluence paste code macro allows remote code execution for any user who can…

  • CVE-2025-55729 · Critical · Sep 9, 2025
    risk 0.58 · CVSS 10.0 · EPSS 0.01

    XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the ac:type in the ConfluenceLayoutSection macro allows remote code execution for any user who can…

  • CVE-2024-9348 · High · Oct 16, 2024
    risk 0.58 · CVSS n/a · EPSS 0.00

    Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view.

  • CVE-2026-47171 · High · Jun 11, 2026
    risk 0.57 · CVSS n/a · EPSS 0.00

    Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a reminder whose message contains @everyone or @here. When the reminder triggers, the bot sends the stored message back into the channel…

  • CVE-2026-42810 · Critical · May 4, 2026
    risk 0.57 · CVSS 9.9 · EPSS 0.00

    Apache Polaris accepts literal `*` characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same characters appear to be reused unescaped in S3 IAM resource patterns and `s3:prefix` conditions. In S3 IAM…

  • CVE-2018-15494 · Critical · Aug 18, 2018
    risk 0.57 · CVSS 9.8 · EPSS 0.03

    In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.

  • CVE-2025-11085 · High · Nov 11, 2025
    risk 0.56 · CVSS n/a · EPSS 0.00

    A security issue exists within DataMosaix™ Private Cloud allowing for Persistent XSS. This vulnerability can result in the execution of malicious JavaScript, allowing for account takeover, credential theft, or redirection to a malicious website.

  • CVE-2026-45570 · Critical · May 27, 2026
    risk 0.55 · CVSS 9.6 · EPSS 0.00

    go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, go-git's SSH transport constructs the remote exec command by wrapping the repository path in single quotes without escaping single quotes embedded inside the path. A…

  • CVE-2025-1308 · High · May 19, 2025
    risk 0.55 · CVSS n/a · EPSS 0.00

    A vulnerability exists in PX Backup whereby sensitive information may be logged under specific conditions.

  • CVE-2026-44588 · Critical · May 14, 2026
    risk 0.54 · CVSS n/a · EPSS 0.01

    SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the tooltip mouseover handler in app/src/block/popover.ts reads aria-label via getAttribute and passes it through decodeURIComponent before assigning to messageElement.innerHTML in…

  • CVE-2025-55903 · High · Oct 10, 2025
    risk 0.54 · CVSS 8.3 · EPSS 0.00

    A HTML injection vulnerability exists in Perfex CRM v3.3.1. The application fails to sanitize user input in the "Bill To" address field within the estimate module. As a result, arbitrary HTML can be injected and rendered unescaped in client-facing documents.

  • CVE-2025-59936 · Critical · Sep 27, 2025
    risk 0.54 · CVSS 9.4 · EPSS 0.00

    get-jwks contains fetch utils for JWKS keys. In versions prior to 11.0.2, a vulnerability in get-jwks can lead to cache poisoning in the JWKS key-fetching mechanism. When the iss (issuer) claim is validated only after keys are retrieved from the cache, it is possible for cached…

  • CVE-2026-43938 · High · May 12, 2026
    risk 0.53 · CVSS 8.1 · EPSS 0.00

    YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.0.5 and 3.2.12, the application's database logger (YAFNET.Core/Logger/DbLogger.cs) captures the incoming request's User-Agent header into a JObject, serializes it with JsonConvert, and stores the result in the…