Total
213 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-45348 | 1 Anmari | 1 Amr Users | 2023-11-15 | 8.8 High |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in anmari amr users.This issue affects amr users: from n/a through 4.59.4. | ||||
| CVE-2022-45360 | 1 Coffee2code | 1 Commenter Emails | 2023-11-15 | 9.8 Critical |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Scott Reilly Commenter Emails.This issue affects Commenter Emails: from n/a through 2.6.1. | ||||
| CVE-2022-45370 | 1 Webtoffee | 1 Wordpress Comments Import And Export | 2023-11-15 | 9.8 Critical |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee WordPress Comments Import & Export.This issue affects WordPress Comments Import & Export: from n/a through 2.3.1. | ||||
| CVE-2022-45078 | 1 Solwininfotech | 1 User Blocker | 2023-11-14 | 7.2 High |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Solwin Infotech User Blocker.This issue affects User Blocker: from n/a through 1.5.5. | ||||
| CVE-2023-41798 | 1 Wpwax | 1 Directorist | 2023-11-14 | 8.8 High |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in wpWax Directorist – WordPress Business Directory Plugin with Classified Ads Listing.This issue affects Directorist – WordPress Business Directory Plugin with Classified Ads Listings: from n/a through 7.7.1. | ||||
| CVE-2022-45810 | 1 Icegram | 1 Icegram Express | 2023-11-14 | 9.8 Critical |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Icegram Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce.This issue affects Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce: from n/a through 5.5.2. | ||||
| CVE-2022-46801 | 1 Geminilabs | 1 Site Reviews | 2023-11-14 | 9.8 Critical |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Paul Ryley Site Reviews.This issue affects Site Reviews: from n/a through 6.2.0. | ||||
| CVE-2022-46803 | 1 Noptin | 1 Noptin | 2023-11-14 | 9.8 Critical |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Noptin Newsletter Simple Newsletter Plugin – Noptin.This issue affects Simple Newsletter Plugin – Noptin: from n/a through 1.9.5. | ||||
| CVE-2022-46804 | 1 Narolainfotech | 1 Export Users Data Distinct | 2023-11-14 | 8.8 High |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Narola Infotech Solutions LLP Export Users Data Distinct.This issue affects Export Users Data Distinct: from n/a through 1.3. | ||||
| CVE-2022-46809 | 1 Wpdeveloper | 1 Reviewx | 2023-11-14 | 9.8 Critical |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in WPDeveloper ReviewX – Multi-criteria Rating & Reviews for WooCommerce.This issue affects ReviewX – Multi-criteria Rating & Reviews for WooCommerce: from n/a through 1.6.7. | ||||
| CVE-2022-46802 | 1 Webtoffee | 1 Product Reviews Import Export For Woocommerce | 2023-11-13 | 9.8 Critical |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee Product Reviews Import Export for WooCommerce.This issue affects Product Reviews Import Export for WooCommerce: from n/a through 1.4.8. | ||||
| CVE-2022-45357 | 1 Lenderd | 1 1003 Mortgage Application | 2023-11-13 | 9.8 Critical |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Lenderd 1003 Mortgage Application.This issue affects 1003 Mortgage Application: from n/a through 1.75. | ||||
| CVE-2023-25611 | 1 Fortinet | 1 Fortianalyzer | 2023-11-07 | 7.3 High |
| A improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows local attacker to execute unauthorized code or commands via inserting spreadsheet formulas in macro names. | ||||
| CVE-2022-4034 | 1 Dwbooster | 1 Appointment Hour Booking | 2023-11-07 | 7.8 High |
| The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.72. This makes it possible for unauthenticated attackers to embed untrusted input into content during booking creation that may be exported as a CSV file when a site's administrator exports booking details. This can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. | ||||
| CVE-2022-35281 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2023-11-07 | 8.8 High |
| IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are vulnerable to CSV injection. IBM X-Force ID: 2306335. | ||||
| CVE-2021-41270 | 2 Fedoraproject, Sensiolabs | 2 Fedora, Symfony | 2023-11-07 | 6.5 Medium |
| Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 before 4.4.35 and versions 5.0.0 before 5.3.12 are vulnerable to CSV injection, also known as formula injection. In Symfony 4.1, maintainers added the opt-in `csv_escape_formulas` option in the `CsvEncoder`, to prefix all cells starting with `=`, `+`, `-` or `@` with a tab `\t`. Since then, OWASP added 2 chars in that list: Tab (0x09) and Carriage return (0x0D). This makes the previous prefix char (Tab `\t`) part of the vulnerable characters, and OWASP suggests using the single quote `'` for prefixing the value. Starting with versions 4.4.34 and 5.3.12, Symfony now follows the OWASP recommendations and uses the single quote `'` to prefix formulas and add the prefix to cells starting by `\t`, `\r` as well as `=`, `+`, `-` and `@`. | ||||
| CVE-2021-38180 | 1 Sap | 1 Business One | 2023-11-07 | 9.8 Critical |
| SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data export. An attacker could thereby execute arbitrary commands on the victim's computer but only if the victim allows to execute macros while opening the file and the security settings of Excel allow for command execution. | ||||
| CVE-2021-23286 | 1 Eaton | 1 Intelligent Power Manager | 2023-11-07 | 8.0 High |
| Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to CSV Formula Injection. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) all version 1.5.0plus205 and prior versions. | ||||
| CVE-2021-1475 | 1 Cisco | 1 Umbrella | 2023-11-07 | 4.1 Medium |
| Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2021-1474 | 1 Cisco | 1 Umbrella | 2023-11-07 | 8.6 High |
| Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | ||||