VYPR

CWE-116

Improper Encoding or Escaping of Output

Class · Draft · Likelihood: High

Description

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-104 · CAPEC-73 · CAPEC-81 · CAPEC-85

CVEs mapped to this weakness (216)

page 6 of 11
  • CVE-2026-40021 · Med · Apr 10, 2026
    risk 0.27 · cvss 5.3 · epss 0.01

    Apache Log4net's XmlLayout (https://logging.apache.org/log4net/manual/configuration/layouts.html#layout-list) and XmlLayoutSchemaLog4J (https://logging.apache.org/log4net/manual/configuration/layouts.html#layout-list), in versions before 3.3.0, fail to sanitize characters…

  • CVE-2017-12340 · Med · Nov 30, 2017
    risk 0.27 · cvss 4.2 · epss 0.00

    A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and Cisco Nexus 7700 Series Switches could allow an authenticated, local attacker to access the Bash shell of an affected device's operating…

  • CVE-2026-33597 · Low · Apr 22, 2026
    risk 0.24 · cvss 3.7 · epss 0.00

    PRSD detection denial of service

  • CVE-2026-33657 · Med · Apr 13, 2026
    risk 0.23 · cvss 4.6 · epss 0.00

    EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have a stored HTML injection vulnerability that allows any authenticated user with standard (non-administrative) privileges to inject arbitrary HTML into system-generated email…

  • CVE-2026-44458 · Med · May 13, 2026
    risk 0.21 · cvss 4.3 · epss 0.00

    Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, the JSX renderer escapes style attribute object values for HTML but not for CSS. Untrusted input in a style object value or property name can therefore inject additional CSS…

  • CVE-2026-35651 · Med · Apr 10, 2026
    risk 0.21 · cvss 4.3 · epss 0.00

    OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence injection vulnerability in approval prompts that allows attackers to spoof terminal output. Untrusted tool metadata can carry ANSI control sequences into approval prompts and permission logs, enabling…

  • CVE-2023-28362 · Med · Jan 9, 2025
    risk 0.19 · cvss 4.0 · epss 0.00

    The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header.

  • CVE-2026-42040 · Low · Apr 24, 2026
    risk 0.17 · cvss 3.7 · epss 0.00

    Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the encode() function in lib/helpers/AxiosURLSearchParams.js contains a character mapping (charMap) at line 21 that reverses the safe percent-encoding of null bytes. After…

  • CVE-2026-47188 · Low · Jun 11, 2026
    risk 0.15 · cvss n/a · epss 0.00

    Quest Bot is an open source modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.5, the latest release suppresses mentions in several moderation commands, but /unban and /unwarn still echo user-controlled reason text in public bot messages without…

  • CVE-2026-47175 · Low · Jun 11, 2026
    risk 0.15 · cvss n/a · epss 0.00

    Quest Bot is an open source modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, several moderation commands echo user-controlled reason text in public bot replies without disabling mention parsing. A moderator who does not have permission to…

  • CVE-2026-48485 · Low · Jun 12, 2026
    risk 0.14 · cvss n/a · epss 0.00

    Quest Bot is an open source Discord Bot. Prior to version 1.1.6, the latest release suppresses mentions when creating, unbanning, unwarning, kicking, muting, and unmuting, but stored warning reasons are still printed by /warns without mention suppression. A moderator can create a…

  • CVE-2026-33436 · Low · Apr 17, 2026
    risk 0.13 · cvss 3.1 · epss 0.00

    Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. In versions prior to 2.0.0, file upload endpoints render user-supplied filenames directly into HTML using unsafe methods like innerHTML without sanitization. An attacker can craft…

  • CVE-2025-60787 · Oct 3, 2025
    risk 0.08 · cvss n/a · epss 0.24

    MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin access to achieve code execution when…

  • CVE-2025-1795 · Low · Feb 28, 2025
    risk 0.08 · cvss n/a · epss 0.01

    During address list folding, when a separating comma ends up on a folded line and that line is to be unicode-encoded, the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plain comma. This can result in the address header…

  • CVE-2013-4547 · Nov 23, 2013
    risk 0.08 · cvss n/a · epss 0.68

    nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.

  • CVE-2026-48598 · Low · Jun 2, 2026
    risk 0.07 · cvss n/a · epss 0.00

    Improper Encoding or Escaping of Output vulnerability in elixir-tesla tesla allows multipart part header injection via unescaped Content-Disposition parameter values. Tesla.Multipart.part_headers_for_disposition/1 interpolates each disposition parameter as #{k}="#{v}" with no…

  • CVE-2022-30781 · May 16, 2022
    risk 0.03 · cvss n/a · epss 0.88

    Gitea before 1.16.7 does not escape git fetch remote.

  • CVE-2026-52846 · Jun 16, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Summary: Caddy's `stripHTML` template function cannot reliably remove all HTML tags from input strings. Certain malformed HTML, such as `<<>img src=x onerror=alert()>`, can bypass the tag-stripping logic, potentially leaving dangerous content in the output if it is later…

  • CVE-2026-54287 · Jun 16, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Summary: On AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple `Set-Cookie` headers into one comma-separated value. Because commas also appear inside cookie attributes (for example `Expires` dates), clients cannot split the value back…

  • CVE-2026-44311 · Jun 12, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Summary: A potential Cross-Site Scripting (XSS) vulnerability exists in Fabric.js due to improper escaping of user-controlled input during SVG serialization via the `toSVG()` method. Specifically, the `color` field within the `colorStops` array of a `fabric.Gradient` object…