Total: 213 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-25445 | 1 Bookingcore | 1 Booking Core | 2023-11-07 | 7.8 High |
The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. The input containing the Excel formula is not sanitized by the application. As a result, when an admin in the backend downloads and opens the CSV, the content of the cells is executed. | ||||
CVE-2020-22277 | 1 Codection | 1 Import And Export Users And Customers | 2023-11-07 | 8.0 High |
Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile. | ||||
CVE-2020-10131 | 1 Searchblox | 1 Searchblox | 2023-11-07 | 9.8 Critical |
SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in "Featured Results" parameter. | ||||
CVE-2019-20184 | 1 Keepass | 1 Keepass | 2023-11-07 | 7.8 High |
KeePass 2.4.1 allows CSV injection in the title field of a CSV export. | ||||
CVE-2019-20002 | 1 Solarwinds | 1 Webhelpdesk | 2023-11-07 | 7.8 High |
Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user. | ||||
CVE-2022-40294 | 1 Phppointofsale | 1 Php Point Of Sale | 2023-10-25 | 8.8 High |
The application was identified to have a CSV injection in data export functionality, allowing for malicious code to be embedded within export data and then triggered in exported data viewers. | ||||
CVE-2023-43071 | 1 Dell | 1 Smartfabric Storage Software | 2023-10-06 | 5.4 Medium |
Dell SmartFabric Storage Software v1.4 (and earlier) contains possible vulnerabilities for HTML injection or CSV formula injection which might escalate to cross-site scripting attacks in HTML pages in the GUI. A remote authenticated attacker could potentially exploit these issues, leading to various injection type attacks. | ||||
CVE-2023-22877 | 1 Ibm | 1 Infosphere Information Server | 2023-08-31 | 8.8 High |
IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 244368. | ||||
CVE-2023-38843 | 1 Atlos | 1 Atlos | 2023-08-23 | 8.0 High |
An issue in Atlos v.1.0 allows an authenticated attacker to execute arbitrary code via a crafted payload into the description field in the incident function. | ||||
CVE-2023-37219 | 1 Tadirantele | 1 Aeonix | 2023-08-04 | 7.8 High |
Tadiran Telecom Composit - CWE-1236: Improper Neutralization of Formula Elements in a CSV File | ||||
CVE-2023-4006 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-08-03 | 9.8 Critical |
Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16. | ||||
CVE-2022-27858 | 1 Activity Log Project | 1 Activity Log | 2023-08-02 | 9.8 Critical |
CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress. | ||||
CVE-2022-28864 | 1 Nokia | 1 Netact | 2023-08-02 | 8.8 High |
An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include malicious code, which is then downloaded as a .csv or .xlsx file and executed on a victim machine. Here, the /aom/html/EditTemplate.jsf and /aom/html/ViewAllTemplatesPage.jsf templateName parameter is used. | ||||
CVE-2023-3527 | 1 Avaya | 1 Call Management System | 2023-07-28 | 6.8 Medium |
A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software such as Microsoft Excel. | ||||
CVE-2023-28958 | 1 Ibm | 1 Watson Knowledge Catalog On Cloud Pak For Data | 2023-07-13 | 7.8 High |
IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 251782. | ||||
CVE-2023-3493 | 1 Fossbilling | 1 Fossbilling | 2023-07-06 | 8.0 High |
Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling prior to 0.5.3. | ||||
CVE-2022-46408 | 1 Ericsson | 1 Network Manager | 2023-07-06 | 6.8 Medium |
Ericsson Network Manager (ENM), versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager (NCM) where improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or data leakage via maliciously injected hyperlinks. The attacker would need admin/elevated access to exploit the vulnerability. | ||||
CVE-2023-3302 | 1 Admidio | 1 Admidio | 2023-06-29 | 7.8 High |
Improper Neutralization of Formula Elements in a CSV File in GitHub repository admidio/admidio prior to 4.2.9. | ||||
CVE-2023-31867 | 1 Sage | 1 X3 | 2023-06-28 | 7.2 High |
Sage X3 version 12.14.0.50-0 is vulnerable to CSV Injection. | ||||
CVE-2023-33410 | 1 Minical | 1 Minical | 2023-06-09 | 8.8 High |
Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on the Customer Name field in the Accounting module that is used to construct a CSV file. | ||||