Flaws of type CWE-116

285 results
CVE-2025-12734 | LOW | Improper Encoding or Escaping of Output in GitLab | EPSS 0.2%
CVE-2026-23880 | HIGH | OnboardLite has stored Cross-site Scripting issue that may lead to admin Account Take Over | EPSS 0.2%
CVE-2024-4420 | MEDIUM | Denial of Service in Tink-cc | EPSS 0.2%
CVE-2025-24025 | LOW | Coolify Vulnerable to Reflected XSS on Tag Search | EPSS 0.2%
CVE-2026-40483 | MEDIUM | ChurchCRM: Stored XSS in PledgeEditor.php via Donation Comment Field | EPSS 0.2%
CVE-2026-49472 | MEDIUM | FreeSWITCH includes a vulnerable function, PREFIX(prologTok)() from libexpat | EPSS 0.2%
CVE-2026-48209 | HIGH | Reflected XSS in authenticated agent context | EPSS 0.2%
CVE-2023-26279 | LOW | IBM QRadar WinCollect Agent improper output encoding | EPSS 0.2%
CVE-2026-42040 | LOW | Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams | EPSS 0.2%
CVE-2026-34246 | MEDIUM | CtrlPanel: Stored XSS in Admin Role Management via Unescaped DataTable HTML Output | EPSS 0.2%
CVE-2026-27469 | MEDIUM | Isso: Stored XSS via comment website field | EPSS 0.2%
CVE-2026-6058 | MEDIUM | ** UNSUPPORTED WHEN ASSIGNED ** An improper encoding or escaping vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00 | EPSS 0.2%
CVE-2025-46340 | HIGH | Misskey CSS Style Injection Vulnerability In `MkUrlPreview` | EPSS 0.2%
CVE-2026-22712 | LOW | ApprovedRevs allows bypassing the inline CSS sanitizer | EPSS 0.2%
CVE-2026-45011 | HIGH | Apostrophe has stored XSS via javascript: URL in Image Widget Link | EPSS 0.2%
CVE-2026-40302 | MEDIUM | zrok has reflected XSS in GitHub OAuth callback via unsanitized refreshInterval error rendering | EPSS 0.2%
CVE-2024-27629 | HIGH | An issue in dc2niix before v.1.0.20240202 allows a local attacker to execute arbitrary code via the generated file name is not properly esca | EPSS 0.2%
CVE-2026-25230 | MEDIUM | FileRise affected by HTML Injection using color property in file tags | EPSS 0.2%
CVE-2026-40593 | MEDIUM | ChurchCRM: Stored XSS in UserEditor.php via Login Name Field | EPSS 0.2%
CVE-2025-48062 | HIGH | Discourse vulnerable to HTML injection when inviting to topic via email | EPSS 0.2%