VYPR

CWE-116

Improper Encoding or Escaping of Output

Abstraction: Class · Status: Draft · Likelihood of Exploit: High

Description

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.
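Worked example, added to this page and not taken from the CWE entry or from any project listed below: the same constructed attacker-controlled strings are rendered into two HTML contexts (a double-quoted attribute value and an inline script block) with encoding missing, with encoding aimed at the wrong characters for the context, and with encoding matched to the context. A small html.parser-based check then reports whether the intended tag/attribute skeleton of the message survived, which is exactly the property the description above says is lost. All function names, payloads and markup are constructed for the demonstration.

```python
"""Added example (not the CWE record's or any listed project's code): how the
structure of an HTML message is, or is not, preserved depending on whether the
output encoding matches the context the data lands in. Payloads are constructed."""
import html
import json
from html.parser import HTMLParser


class _Structure(HTMLParser):
    """Records (tag, sorted attribute names) for every start tag the parser sees."""

    def __init__(self) -> None:
        super().__init__()
        self.seen: list[tuple[str, list[str]]] = []

    def handle_starttag(self, tag, attrs) -> None:
        self.seen.append((tag, sorted(name for name, _ in attrs)))


def structure_of(markup: str) -> list[tuple[str, list[str]]]:
    """Parse markup with a tolerant HTML parser and return its tag/attribute skeleton."""
    parser = _Structure()
    parser.feed(markup)
    parser.close()
    return parser.seen


def audit(renderer, payloads: dict[str, str]) -> dict[str, bool]:
    """True for each payload whose rendering keeps the skeleton of a benign value."""
    expected = structure_of(renderer("hello"))
    return {name: structure_of(renderer(p)) == expected for name, p in payloads.items()}


# --- Context 1: a double-quoted HTML attribute value (constructed payloads) ---
ATTR_PAYLOADS = {
    # closes the attribute and the tag, then opens a new element
    "tag injection": '"><img src=x onerror=alert(1)>',
    # closes only the attribute value and appends event-handler attributes
    "attribute injection": '" autofocus onfocus="alert(1)',
}


def render_input_unescaped(value: str) -> str:
    """Encoding missing: the value is interpolated verbatim."""
    return f'<input name="comment" value="{value}">'


def render_input_no_quote_escape(value: str) -> str:
    """Encoding done incorrectly: <, > and & become entities, but the quote that
    delimits the attribute value does not, so the value can still be closed."""
    return f'<input name="comment" value="{html.escape(value, quote=False)}">'


def render_input_escaped(value: str) -> str:
    """Encoding matched to the context: quote=True also turns \" and ' into entities."""
    return f'<input name="comment" value="{html.escape(value, quote=True)}">'


# --- Context 2: a JSON literal inside an inline <script> block -----------------
SCRIPT_PAYLOADS = {
    "tag injection": '"><img src=x onerror=alert(1)>',
    # the HTML tokenizer ends a script element at the first </script> it meets,
    # regardless of JavaScript string syntax
    "script breakout": '</script><img src=x onerror=alert(1)>',
}


def render_script_json_only(value: str) -> str:
    """Encoding done incorrectly: json.dumps yields a valid JS string literal but
    leaves '<' alone, so a </script> inside the data terminates the element."""
    return f'<script>var comment = {json.dumps(value)};</script>'


def render_script_json_html_safe(value: str) -> str:
    """Encoding matched to the context: <, > and & are emitted as JSON \\u escapes,
    which JavaScript decodes back to the characters but the HTML tokenizer never
    interprets as markup."""
    literal = (json.dumps(value)
               .replace("<", "\\u003c")
               .replace(">", "\\u003e")
               .replace("&", "\\u0026"))
    return f'<script>var comment = {literal};</script>'


if __name__ == "__main__":
    for renderer in (render_input_unescaped, render_input_no_quote_escape,
                     render_input_escaped):
        print(f"{renderer.__name__:30} {audit(renderer, ATTR_PAYLOADS)}")
    for renderer in (render_script_json_only, render_script_json_html_safe):
        print(f"{renderer.__name__:30} {audit(renderer, SCRIPT_PAYLOADS)}")
```

Run it with `python3`. The two attribute renderers that leave `"` untouched fail both payloads, which shows that encoding some special characters is not the same as encoding the ones that delimit the current context; `json.dumps` alone passes the generic payload but fails the `</script>` one, the same shape of mistake as picking a non-HTML-aware escaper (for instance Go's text/template where html/template was needed) for output that ends up inside an HTML document.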

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-104 · CAPEC-73 · CAPEC-81 · CAPEC-85

CVEs mapped to this weakness (216)

page 5 of 11
  • CVE-2026-26028 · Med · May 20, 2026
    risk 0.33 · cvss 6.1 · epss 0.00

    CryptPad is an end-to-end encrypted collaborative office suite. In versions prior to 2026.2.0, the HTML sanitizer in Diffmarked.js can be bypassed due to incomplete attribute filtering on restricted tags. The sanitizer validates only the src attribute of , , and…

  • CVE-2026-39826 · Med · May 7, 2026
    risk 0.33 · cvss 6.1 · epss 0.00

    If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the block.

  • CVE-2026-41426 · Med · Apr 24, 2026
    risk 0.33 · cvss 6.1 · epss 0.00

    pretalx is a conference planning tool. Prior to 2026.1.0, an unauthenticated attacker can send arbitrary HTML-rendered emails from a pretalx instance's configured sender address by embedding malformed HTML or markdown link syntax in a user-controlled template placeholder such as…

  • CVE-2026-6019 · Med · Apr 22, 2026
    risk 0.33 · cvss 6.1 · epss 0.00

    http.cookies.Morsel.js_output() returns an inline inside the generated script element. Mitigation base64-encodes the cookie value to disallow…

  • CVE-2026-40302 · Med · Apr 17, 2026
    risk 0.33 · cvss 6.1 · epss 0.00

    zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the proxyUi template engine uses Go's text/template (which performs no HTML escaping) instead of html/template. The GitHub OAuth callback handlers in both publicProxy and…

  • CVE-2026-27469 · Med · Feb 21, 2026
    risk 0.33 · cvss 6.1 · epss 0.00

    Isso is a lightweight commenting server written in Python and JavaScript. In commits before 0afbfe0691ee237963e8fb0b2ee01c9e55ca2144, there is a stored Cross-Site Scripting (XSS) vulnerability affecting the website and author comment fields. The website field was HTML-escaped…

  • CVE-2025-34141 · Med · Jul 22, 2025
    risk 0.33 · cvss · epss 0.02

    A reflected cross-site scripting (XSS) vulnerability exists in ETQ Reliance CG (legacy) platform within the `SQLConverterServlet` component. This vulnerability requires user interaction, such as clicking a crafted link, and may result in execution of unauthorized scripts in the…

  • CVE-2026-34246 · Med · May 19, 2026
    risk 0.31 · cvss 4.8 · epss 0.00

    CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability in the admin role management interface. In app/Http/Controllers/Admin/RoleController.php, the datatable() method…

  • CVE-2026-40567 · Med · Apr 21, 2026
    risk 0.31 · cvss 5.8 · epss 0.00

    FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can inject arbitrary HTML into outgoing emails generated by FreeScout by sending an email with a crafted From display name. The name is stored in the database…

  • CVE-2026-40593 · Med · Apr 18, 2026
    risk 0.31 · cvss 4.8 · epss 0.00

    ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the User Editor (UserEditor.php) renders stored usernames directly into an HTML input value attribute without applying htmlspecialchars(). An administrator can save a username containing HTML…

  • CVE-2026-6058 · Med · Apr 21, 2026
    risk 0.29 · cvss 4.5 · epss 0.00

    ** UNSUPPORTED WHEN ASSIGNED ** An improper encoding or escaping vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the WLAN to cause a denial-of-service (DoS) condition in the web management interface by…

  • CVE-2026-44429 · Med · May 14, 2026
    risk 0.28 · cvss 5.4 · epss 0.00

    The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the public catalogue UI served at GET / (file internal/api/handlers/v0/ui_index.html) is vulnerable to stored cross-site scripting via the server.websiteUrl field…

  • CVE-2026-41318 · Med · Apr 24, 2026
    risk 0.28 · cvss 5.4 · epss 0.00

    AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, AnythingLLM's in-chat markdown renderer has an unsafe custom rule for images that interpolates the markdown image's `alt` text…

  • CVE-2026-40483 · Med · Apr 18, 2026
    risk 0.28 · cvss 5.4 · epss 0.00

    ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the Pledge Editor renders donation comment values directly into HTML input value attributes without escaping via htmlspecialchars(). An authenticated user with Finance permissions can inject HTML…

  • CVE-2026-35208 · Med · Apr 6, 2026
    risk 0.28 · cvss 5.4 · epss 0.00

    lichess.org is the forever free, adless and open source chess server. Any approved streamer can inject arbitrary HTML into /streamer and the homepage “Live streams” widget by placing markup in their Twitch/YouTube stream title. CSP is present and blocks inline script…

  • CVE-2026-0818 · Med · Jan 28, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer…

  • CVE-2025-0607 · Med · Oct 6, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    Improper Encoding or Escaping of Output vulnerability in Logo Software Inc. Logo Cloud allows Phishing. This issue affects Logo Cloud: before 2.57.

  • CVE-2025-8276 · Med · Sep 16, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Encoding or Escaping of Output, Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Patika Global Technologies…

  • CVE-2026-49472 · Med · Jun 9, 2026
    risk 0.27 · cvss 5.3 · epss 0.00

    FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH includes a vulnerable function, PREFIX(prologTok)(), in…

  • CVE-2026-40023 · Med · Apr 10, 2026
    risk 0.27 · cvss 5.3 · epss 0.01

    Apache Log4cxx's XMLLayout https://logging.apache.org/log4cxx/1.7.0/classlog4cxx_1_1xml_1_1XMLLayout.html , in versions before 1.7.0, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/#charsets in log messages, NDC, and MDC property…