Total
213 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-31295 | 1 Sesami | 1 Cash Point \& Transport Optimizer | 2024-01-08 | 7.5 High |
| CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the User Profile field. | ||||
| CVE-2023-50448 | 1 Activeadmin | 1 Activeadmin | 2024-01-04 | 6.5 Medium |
| In ActiveAdmin (aka Active Admin) before 2.12.0, a concurrency issue allows a malicious actor to access potentially private data (that belongs to another user) by making CSV export requests at certain specific times. | ||||
| CVE-2023-31296 | 1 Sesami | 1 Cash Point \& Transport Optimizer | 2024-01-04 | 5.3 Medium |
| CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows attackers to obtain sensitive information via the User Name field. | ||||
| CVE-2023-51763 | 1 Activeadmin | 1 Active Admin | 2024-01-03 | 9.8 Critical |
| csv_builder.rb in ActiveAdmin (aka Active Admin) before 3.2.0 allows CSV injection. | ||||
| CVE-2020-16214 | 1 Philips | 1 Patient Information Center Ix | 2023-12-12 | 5.0 Medium |
| In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software saves user-provided information into a comma-separated value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. | ||||
| CVE-2023-48207 | 1 Phpjabbers | 1 Availability Booking Calendar | 2023-12-11 | 8.8 High |
| Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component. | ||||
| CVE-2023-42004 | 1 Ibm | 1 Security Guardium | 2023-12-04 | 8.8 High |
| IBM Security Guardium 11.3, 11.4, and 11.5 is potentially vulnerable to CSV injection. A remote attacker could execute malicious commands due to improper validation of csv file contents. IBM X-Force ID: 265262. | ||||
| CVE-2023-48029 | 1 Corebos | 1 Corebos | 2023-11-25 | 8.0 High |
| Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with low privileges can inject a malicious command into a table. This vulnerability is exploited when an administrator visits the user management section, exports the data to a CSV file, and then opens it, leading to the execution of the malicious payload on the administrator's computer. | ||||
| CVE-2022-46821 | 1 Jackmail | 1 Jackmail | 2023-11-16 | 8.8 High |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Jackmail & Sarbacane Emails & Newsletters with Jackmail.This issue affects Emails & Newsletters with Jackmail: from n/a through 1.2.22. | ||||
| CVE-2023-36527 | 1 Bestwebsoft | 1 Post To Csv | 2023-11-15 | 8.8 High |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in BestWebSoft Post to CSV by BestWebSoft.This issue affects Post to CSV by BestWebSoft: from n/a through 1.4.0. | ||||
| CVE-2023-25983 | 1 Liquidweb | 1 Kb Support | 2023-11-15 | 8.8 High |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in WPOmnia KB Support.This issue affects KB Support: from n/a through 1.5.84. | ||||
| CVE-2023-23796 | 1 Web-settler | 1 Form Builder | 2023-11-15 | 9.8 Critical |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Muneeb Form Builder | Create Responsive Contact Forms.This issue affects Form Builder | Create Responsive Contact Forms: from n/a through 1.9.9.0. | ||||
| CVE-2023-23678 | 1 Wpeka | 1 Wp Cookie Consent | 2023-11-15 | 7.2 High |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in WPEkaClub WP Cookie Consent ( for GDPR, CCPA & ePrivacy ).This issue affects WP Cookie Consent ( for GDPR, CCPA & ePrivacy ): from n/a through 2.2.5. | ||||
| CVE-2023-22719 | 1 Givewp | 1 Givewp | 2023-11-15 | 9.8 Critical |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in GiveWP.This issue affects GiveWP: from n/a through 2.25.1. | ||||
| CVE-2022-44738 | 1 Patrickrobrecht | 1 Posts And Users Stats | 2023-11-15 | 8.8 High |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Patrick Robrecht Posts and Users Stats.This issue affects Posts and Users Stats: from n/a through 1.1.3. | ||||
| CVE-2022-41616 | 1 Kaushikkalathiya | 1 Export Users Data | 2023-11-15 | 8.8 High |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Kaushik Kalathiya Export Users Data CSV.This issue affects Export Users Data CSV: from n/a through 2.1. | ||||
| CVE-2022-38702 | 1 Kigurumi | 1 Csv Exporter | 2023-11-15 | 8.8 High |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Nakashima Masahiro WP CSV Exporter.This issue affects WP CSV Exporter: from n/a through 2.0. | ||||
| CVE-2022-42882 | 1 Shambix | 1 Simple Csv\/xls Exporter | 2023-11-15 | 8.8 High |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Shambix Simple CSV/XLS Exporter.This issue affects Simple CSV/XLS Exporter: from n/a through 1.5.8. | ||||
| CVE-2022-47442 | 1 Ayecode | 1 Userswp | 2023-11-15 | 8.8 High |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a through 1.2.3.9. | ||||
| CVE-2022-45350 | 1 Simple-history | 1 Simple History | 2023-11-15 | 8.8 High |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Pär Thernström Simple History – user activity log, audit tool.This issue affects Simple History – user activity log, audit tool: from n/a through 3.3.1. | ||||