CVEbaza.plCWE DictionaryCWE-838
Common Weakness Enumeration

CWE-838

Inappropriate Encoding for Output Context

Category: BaseCVE: 16
Description

The product uses or specifies an encoding when generating output to a downstream component, but the specified encoding is not the same as the encoding that is expected by the downstream component.

CVE vulnerabilities with CWE-838 (16)
9.8
CVSS
CRITICAL
CVE-2025-4052

Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low)

pub. 2025-05-05
9.8
CVSS
CRITICAL
CVE-2019-18981

Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification.

pub. 2019-11-15
8.1
CVSS
HIGH
CVE-2020-10996

An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41.2. A bundled script inadvertently sets a static transition_key for SST processes in place of the random key expected.

pub. 2020-04-27
7.8
CVSS
HIGH
CVE-2018-9862

util.c in runV 1.0.0 for Docker mishandles a numeric username, which allows attackers to obtain root access by leveraging the presence of an initial numeric value on an /etc/passwd line, and then issuing a "docker exec" command with that value in the -u argument, a similar issue to CVE-2016-3697.

pub. 2018-04-09
7.5
CVSS
HIGH
CVE-2024-11702

Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox < 133 and Thunderbird < 133.

pub. 2024-11-26
6.8
CVSS
MEDIUM
CVE-2019-6110

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.

pub. 2019-01-31
6.5
CVSS
MEDIUM
CVE-2023-6512

Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. (Chromium security severity: Low)

pub. 2023-12-06
5.3
CVSS
MEDIUM
CVE-2023-5770

Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message through the email subject. The vulnerability is caused by inappropriate encoding when rewriting the email before delivery.This issue affects Proofpoint Enterprise Protection: from 8.20.2 before patch 4809, from 8.20.0 before patch 4805, from 8.18.6 before patch 4804 and all other prior versions.

pub. 2024-01-09
4.3
CVSS
MEDIUM
CVE-2024-34006

The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered.

pub. 2024-05-31
4.3
CVSS
MEDIUM
CVE-2023-3735

Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)

pub. 2023-08-01
4.3
CVSS
MEDIUM
CVE-2020-7292

Inappropriate Encoding for output context vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows a remote attacker to cause MWG to return an ambiguous redirect response via getting a user to click on a malicious URL.

pub. 2020-07-15
4.1
CVSS
MEDIUM
CVE-2020-29135

cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567).

pub. 2020-11-27
Information
ID: CWE-838
Type: Base
Vulnerabilities: 16
MITRE CWE ↗
← CWE Dictionary
CWE-838 — Inappropriate Encoding for Output Context | CWE Dictionary | CVEbaza.pl