Total: 222 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-36334 | 1 Dell | 1 Emc Cloud Link | 2024-09-16 | 5.9 Medium |
Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula injection vulnerability. A remote high privileged attacker may potentially exploit this vulnerability, leading to arbitrary code execution on the end user's machine. | ||||
CVE-2022-27858 | 1 Activity Log Project | 1 Activity Log | 2024-09-16 | 7.4 High |
CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress. | ||||
CVE-2018-1774 | 1 Ibm | 1 Api Connect | 2024-09-16 | N/A |
IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the developer portal and analytics that could contain malicious commands that would be executed once opened by an administrator. IBM X-Force ID: 148692. | ||||
CVE-2023-22877 | 1 Ibm | 1 Infosphere Information Server | 2024-09-16 | 7 High |
IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 244368. | ||||
CVE-2019-4364 | 1 Ibm | 10 Control Desk, Maximo Asset Management, Maximo For Aviation and 7 more | 2024-09-16 | 8.0 High |
IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 161680. | ||||
CVE-2022-41675 | 1 Raidenmaild | 1 Raidenmaild | 2024-09-16 | 8 High |
A remote attacker with general user privilege can inject malicious code in the form content of the Raiden MAILD Mail Server website. When other users export the form content as a CSV file, this can trigger arbitrary code execution and allow the attacker to perform arbitrary system operations or disrupt service on the user side. | ||||
CVE-2018-7304 | 1 Tiki | 1 Tiki | 2024-09-16 | N/A |
Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack can open a CMD.EXE or Calculator window on the victim machine to perform malicious activity, as demonstrated by an "=cmd|' /C calc'!A0" payload during User Creation. | ||||
CVE-2020-4759 | 1 Ibm | 1 Filenet Content Manager | 2024-09-16 | 7.8 High |
IBM FileNet Content Manager 5.5.4 and 5.5.5 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of CSV file contents. IBM X-Force ID: 188736. | ||||
CVE-2021-25960 | 1 Salesagility | 1 Suitecrm | 2024-09-16 | 8 High |
In the “SuiteCRM” application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by a “CSV Injection” vulnerability (Formula Injection). A low privileged attacker can use the accounts module to inject payloads in the input fields. When an administrator accesses the accounts module to export the data as a CSV file and opens it, the payload gets executed. This was not fixed properly as part of CVE-2020-15301, allowing the attacker to bypass the security measure. | ||||
CVE-2021-23654 | 1 Html-to-csv Project | 1 Html-to-csv | 2024-09-16 | 5.6 Medium |
This affects all versions of package html-to-csv. When a formula is embedded in an HTML page, it is accepted without any validation and carried over as-is when the page is converted into a CSV file. Through this, a malicious actor can embed or generate a malicious link or execute commands via CSV files. | ||||
CVE-2022-26867 | 1 Dell | 3 Powerstore T, Powerstore X, Powerstoreos | 2024-09-16 | 5.9 Medium |
PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet application that is being used to open the CSV/XLSX file. | ||||
CVE-2018-16275 | 1 Opswat | 1 Metadefender | 2024-09-16 | N/A |
OPSWAT MetaDefender before v4.11.2 allows CSV injection. | ||||
CVE-2024-27785 | 1 Fortinet | 1 Fortiaiops | 2024-09-09 | 5.1 Medium |
An improper neutralization of formula elements in a CSV File vulnerability [CWE-1236] in FortiAIOps version 2.0.0 may allow a remote authenticated attacker to execute arbitrary commands on a client's workstation via poisoned CSV reports. | ||||
CVE-2023-23678 | 1 Wpeka | 1 Wp Cookie Consent | 2024-09-05 | 7.2 High |
Improper Neutralization of Formula Elements in a CSV File vulnerability in WPEkaClub WP Cookie Consent ( for GDPR, CCPA & ePrivacy ). This issue affects WP Cookie Consent ( for GDPR, CCPA & ePrivacy ): from n/a through 2.2.5. | ||||
CVE-2023-22719 | 1 Givewp | 1 Givewp | 2024-09-05 | 9.8 Critical |
Improper Neutralization of Formula Elements in a CSV File vulnerability in GiveWP. This issue affects GiveWP: from n/a through 2.25.1. | ||||
CVE-2022-45357 | 1 Lenderd | 1 1003 Mortgage Application | 2024-09-05 | 9.8 Critical |
Improper Neutralization of Formula Elements in a CSV File vulnerability in Lenderd 1003 Mortgage Application. This issue affects 1003 Mortgage Application: from n/a through 1.75. | ||||
CVE-2023-25983 | 1 Liquidweb | 1 Kb Support | 2024-09-04 | 8.8 High |
Improper Neutralization of Formula Elements in a CSV File vulnerability in WPOmnia KB Support. This issue affects KB Support: from n/a through 1.5.84. | ||||
CVE-2022-47442 | 1 Ayecode | 1 Userswp | 2024-09-04 | 8.8 High |
Improper Neutralization of Formula Elements in a CSV File vulnerability in AyeCode Ltd UsersWP. This issue affects UsersWP: from n/a through 1.2.3.9. | ||||
CVE-2023-23796 | 1 Web-settler | 1 Form Builder | 2024-09-04 | 9.8 Critical |
Improper Neutralization of Formula Elements in a CSV File vulnerability in Muneeb Form Builder \| Create Responsive Contact Forms. This issue affects Form Builder \| Create Responsive Contact Forms: from n/a through 1.9.9.0. | ||||
CVE-2022-46802 | 1 Webtoffee | 1 Product Reviews Import Export For Woocommerce | 2024-09-04 | 9.8 Critical |
Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee Product Reviews Import Export for WooCommerce. This issue affects Product Reviews Import Export for WooCommerce: from n/a through 1.4.8. | ||||