CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')) — Vulnerability Class 373

373 vulnerabilities classified as CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-47119 | HTML injection in oneboxed links — discourse | 5.3 | Medium | 2023-11-10 |
| CVE-2017-20187 | Magnesium-PHP Base.php formatEmailString injection — Magnesium-PHP | 3.5 | Low | 2023-11-05 |
| CVE-2023-43667 | Apache InLong: Log Injection in Global functions — Apache InLong | 5.3 | - | 2023-10-16 |
| CVE-2023-44109 | Huawei HarmonyOS security vulnerability — HarmonyOS | 7.5 | - | 2023-10-11 |
| CVE-2022-4145 | Content spoofing — openshift | 4.3 | Medium | 2023-10-05 |
| CVE-2023-3665 | Trellix Endpoint Security code injection vulnerability — Trellix Endpoint Security | 5.5 | Medium | 2023-10-04 |
| CVE-2023-43655 | Remote Code Execution via web-accessible composer.phar — composer | 6.4 | Medium | 2023-09-29 |
| CVE-2023-43656 | Sandbox escape for instances that have enabled transformation functions in matrix-hookshot — matrix-hookshot | 5.6 | Medium | 2023-09-27 |
| CVE-2022-3962 | Kiali: error message spoofing in kiali ui — Red Hat OpenShift Service Mesh 2.3 for RHEL 8 | 4.3 | Medium | 2023-09-23 |
| CVE-2023-4843 | Pegasystem PEGA Platform cross-site scripting vulnerability — Pega Platform | 4.3 | Medium | 2023-09-08 |
| CVE-2023-39424 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in RDPngFileUpload.dll — IRM Next Generation | 9.9 | Critical | 2023-09-07 |
| CVE-2023-41039 | Sandbox escape via various forms of "format" in RestrictedPython — RestrictedPython | 8.3 | High | 2023-08-30 |
| CVE-2023-4478 | Parameter tampering in the registration resulting in blocked accounts to be created — Mattermost | 4.3 | Medium | 2023-08-25 |
| CVE-2023-40035 | Craft CMS vulnerable to Remote Code Execution via validatePath bypass — cms | 7.2 | High | 2023-08-23 |
| CVE-2023-4212 | Trane Thermostats Injection — XL824 Thermostat | 6.8 | Medium | 2023-08-22 |
| CVE-2023-4450 | jeecgboot JimuReport Template injection — JimuReport | 6.3 | Medium | 2023-08-21 |
| CVE-2023-4157 | Improper Neutralization of Special Elements in Output Used by a Downstream Component in omeka/omeka-s — omeka/omeka-s | 5.2 | Medium | 2023-08-04 |
| CVE-2023-37897 | Server-side Template Injection (SSTI) in grav — grav | 7.2 | High | 2023-07-18 |
| CVE-2023-37462 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-skin-ui — xwiki-platform | 10.0 | Critical | 2023-07-14 |
| CVE-2023-37473 | Limited code execution in zenstruck/collections — collection | 8.6 | High | 2023-07-14 |
| CVE-2023-36830 | SQLFluff vulnerability for users with access to config file, using `library_path` to call arbitrary python code. — sqlfluff | 6.3 | Medium | 2023-07-06 |
| CVE-2023-36812 | Remote Code Execution in OpenTSDB — opentsdb | 9.8 | Critical | 2023-06-30 |
| CVE-2023-36469 | Code injection through NotificationRSSService in XWiki Platform — xwiki-platform | 10.0 | Critical | 2023-06-29 |
| CVE-2023-36470 | Code injection in icon themes of XWiki Platform — xwiki-platform | 10.0 | Critical | 2023-06-29 |
| CVE-2023-36471 | HTML sanitizer allows form elements in restricted in org.xwiki.commons:xwiki-commons-xml — xwiki-commons | 9.1 | Critical | 2023-06-29 |
| CVE-2023-3380 | Wavlink WN579X3 Ping Test adm.cgi injection — WN579X3 | 4.7 | Medium | 2023-06-23 |
| CVE-2023-2797 | Path traversal in GitHub plugin's code preview feature — Mattermost Github Plugin | 3.1 | Low | 2023-06-16 |
| CVE-2019-25150 | Email Templates <= 1.3 - HTML Injection — Email Templates Customizer and Designer for WordPress and WooCommerce | 8.8 | High | 2023-06-07 |
| CVE-2023-33234 | Apache Airflow CNCF Kubernetes Provider: KubernetesPodOperator RCE via connection configuration — Apache Airflow CNCF Kubernetes Provider | 4.9 | - | 2023-05-30 |
| CVE-2023-32679 | Remote Code Execution via unrestricted file extension in Craft CMS — cms | 7.2 | High | 2023-05-19 |

Vulnerabilities classified as CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')) represent 373 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.