CWE-838— Inappropriate Encoding for Output Context
The product uses or specifies an encoding when generating output to a downstream component, but the specified encoding is not the same as the encoding that is expected by the downstream component.— MITRE CWE catalog
14 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-838page 1 of 1
- CVE-2018-9862HIGHCVSS 7.8EG 7.82018-04-09
util.c in runV 1.0.0 for Docker mishandles a numeric username, which allows attackers to obtain root access by leveraging the presence of an initial numeric value on an /etc/passwd line, and then issuing a "docker exec" command with that v…
- CVE-2019-18981CRITICALCVSS 9.8EG 9.82019-11-15
Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification.
- CVE-2019-6110MEDIUMCVSS 6.8EG 6.82019-01-31
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files be…
- CVE-2020-10996HIGHCVSS 8.1EG 8.12020-04-27
An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41.2. A bundled script inadvertently sets a static transition_key for SST processes in place of the random key expected.
- CVE-2020-29135MEDIUMCVSS 4.1EG 4.12020-11-27
cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567).
- CVE-2020-7292MEDIUMCVSS 4.3EG 4.32020-07-15
Inappropriate Encoding for output context vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows a remote attacker to cause MWG to return an ambiguous redirect response via getting a user to click on a malicious URL.
- CVE-2021-35246MEDIUMCVSS 5.3EG 5.32022-11-23
The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a…
- CVE-2023-3735MEDIUMCVSS 4.3EG 4.32023-08-01
Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2023-5770MEDIUMCVSS 5.3EG 5.32024-01-09
Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message through the email subject. The vulnerability …
- CVE-2023-6512MEDIUMCVSS 6.5EG 6.52023-12-06
Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. (Chromium security severity: Low)
- CVE-2024-11702HIGHCVSS 7.5EG 7.52024-11-26
Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox < 133 and Thunderbird < 133.
- CVE-2024-34006MEDIUMCVSS 4.3EG 4.32024-05-31
The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered.
- CVE-2025-4052CRITICALCVSS 9.8EG 9.82025-05-05
Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium sec…
- CVE-2026-53641MEDIUMCVSS 4.8EG 4.82026-07-06
FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have a stored cross-site scripting (XSS) vulnerability in the client-facing email history views of FOSSBilling. Email HTML content (`cont…
Map vulnerabilities like CWE-838 to your infrastructure
EchelonGraph correlates every CVE — across CWE-838 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →