VYPR

CWE-116

Improper Encoding or Escaping of Output

Abstraction: Class · Status: Draft · Likelihood: High

Description

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-104 · CAPEC-73 · CAPEC-81 · CAPEC-85

CVEs mapped to this weakness (216)

page 2 of 11
  • CVE-2026-28907 · High · May 11, 2026
    risk 0.53 · CVSS 8.1 · EPSS 0.00

    The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may prevent Content Security…

  • CVE-2025-11713 · High · Oct 14, 2025
    risk 0.53 · CVSS 8.1 · EPSS 0.00

    Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into executing unexpected code on Windows. This did not affect the application when running on other operating systems. This vulnerability was fixed in Firefox 144, Firefox ESR 140.4,…

  • CVE-2026-45375 · Critical · May 14, 2026
    risk 0.52 · CVSS 9.0 · EPSS 0.00

    SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan's Bazaar (community marketplace) renders the name and version fields of a package's plugin.json (and the equivalent theme.json / template.json / widget.json / icon.json) into the Settings →…

  • CVE-2016-2568 · High · Feb 13, 2017
    risk 0.51 · CVSS 7.8 · EPSS 0.00

    pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

  • CVE-2026-44713 · High · May 27, 2026
    risk 0.50 · CVSS 8.8 · EPSS 0.00

    pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/tmux.c reads the user's $TMUX environment variable, splits it on commas, and interpolates the socket-path component directly into a shell command passed to popen(). Because the…

  • CVE-2026-35582 · High · Apr 18, 2026
    risk 0.50 · CVSS 8.8 · EPSS 0.01

    Emissary is a P2P based data-driven workflow engine. In versions 8.42.0 and below, Executrix.getCommand() is vulnerable to OS command injection because it interpolates temporary file paths into a /bin/sh -c shell command string without any escaping or input validation. The…

  • CVE-2026-35569 · High · Apr 15, 2026
    risk 0.50 · CVSS 8.7 · EPSS 0.00

    ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a stored cross-site scripting vulnerability in SEO-related fields (SEO Title and Meta Description), where user-controlled input is rendered without proper output encoding into…

  • CVE-2014-9938 · High · Mar 20, 2017
    risk 0.50 · CVSS 8.8 · EPSS 0.02

    contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution.

  • CVE-2024-46547 · High · Dec 9, 2024
    risk 0.49 · CVSS 7.5 · EPSS 0.00

    A vulnerability was found in Romain Bourdon Wampserver all versions (discovered in v3.2.3 and v3.2.6) where unauthorized users could access sensitive information due to improper access control validation via PHP Info Page. This issue can lead to data leaks.

  • CVE-2018-1048 · High · Jan 24, 2018
    risk 0.49 · CVSS 7.5 · EPSS 0.02

    It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allows the slash / anti-slash characters encoded in the url which may lead to path traversal and result in the information disclosure of…

  • CVE-2017-12064 · High · Aug 1, 2017
    risk 0.49 · CVSS 7.5 · EPSS 0.01

    The csv_log_html function in library/edihistory/edih_csv_inc.php in OpenEMR 5.0.0 and prior allows attackers to bypass intended access restrictions via a crafted name.

  • CVE-2016-3063 · High · Feb 7, 2017
    risk 0.49 · CVSS 7.5 · EPSS 0.01

    Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vectors.

  • CVE-2026-42321 · High · Jun 3, 2026
    risk 0.48 · CVSS n/a · EPSS 0.00

    GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or 11.0.7 to receive a patch.

  • CVE-2026-40568 · High · Apr 21, 2026
    risk 0.48 · CVSS 8.5 · EPSS 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a stored cross-site scripting (XSS) vulnerability in the mailbox signature feature. The sanitization function `Helper::stripDangerousTags()` (`app/Misc/Helper.php:568`) uses an…

  • CVE-2026-45011 · High · Jun 12, 2026
    risk 0.47 · CVSS 7.3 · EPSS 0.00

    ApostropheCMS is an open-source Node.js content management system. Version 4.29.0 has a stored cross-site scripting vulnerability in the image widget functionality. A user with the Editor role can configure an image widget link to use a javascript: URL payload. Because editors…

  • CVE-2026-43939 · High · May 12, 2026
    risk 0.47 · CVSS 7.3 · EPSS 0.00

    YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.0.5 and 3.2.12, the thread posting and reply feature accepts user-supplied content via a post or reply that is stored server-side and later rendered back into the thread page without adequate HTML sanitization or…

  • CVE-2026-40871 · High · Apr 21, 2026
    risk 0.47 · CVSS 7.2 · EPSS 0.10

    mailcow: dockerized is an open source groupware/email suite based on docker. Versions prior to 2026-03b have a second-order SQL injection vulnerability in the quarantine_category field via the Mailcow API. The /api/v1/add/mailbox endpoint stores quarantine_category without…

  • CVE-2026-23880 · High · Jan 19, 2026
    risk 0.47 · CVSS 7.3 · EPSS 0.00

    OnboardLite is a comprehensive membership lifecycle platform built for student organizations at the University of Central Florida. Versions of the software prior to commit 1d32081a66f21bcf41df1ecb672490b13f6e429f have a stored cross-site scripting vulnerability that can be…

  • CVE-2026-48209 · High · Jun 1, 2026
    risk 0.46 · CVSS 7.1 · EPSS 0.00

    An improper neutralization of user-controllable input in OTRS or ((OTRS)) Community Edition ticket handling allows authenticated attackers to perform reflected cross-site scripting (XSS) attacks via crafted request parameters associated with ticket actions. By injecting…

  • CVE-2026-33941 · High · Mar 27, 2026
    risk 0.46 · CVSS 8.2 · EPSS 0.00

    Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler (`bin/handlebars` / `lib/precompiler.js`) concatenates user-controlled strings — template file names and several CLI options —…