Total
222 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-45350 | 1 Simple-history | 1 Simple History | 2024-09-04 | 8.8 High |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Pär Thernström Simple History – user activity log, audit tool.This issue affects Simple History – user activity log, audit tool: from n/a through 3.3.1. | ||||
| CVE-2023-36527 | 1 Bestwebsoft | 1 Post To Csv | 2024-09-04 | 8.8 High |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in BestWebSoft Post to CSV by BestWebSoft.This issue affects Post to CSV by BestWebSoft: from n/a through 1.4.0. | ||||
| CVE-2022-45360 | 1 Coffee2code | 1 Commenter Emails | 2024-09-04 | 9.8 Critical |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Scott Reilly Commenter Emails.This issue affects Commenter Emails: from n/a through 2.6.1. | ||||
| CVE-2022-41616 | 1 Kaushikkalathiya | 1 Export Users Data | 2024-09-04 | 8.8 High |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Kaushik Kalathiya Export Users Data CSV.This issue affects Export Users Data CSV: from n/a through 2.1. | ||||
| CVE-2022-46801 | 1 Geminilabs | 1 Site Reviews | 2024-09-04 | 9.8 Critical |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Paul Ryley Site Reviews.This issue affects Site Reviews: from n/a through 6.2.0. | ||||
| CVE-2022-46809 | 1 Wpdeveloper | 1 Reviewx | 2024-09-04 | 9.8 Critical |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in WPDeveloper ReviewX – Multi-criteria Rating & Reviews for WooCommerce.This issue affects ReviewX – Multi-criteria Rating & Reviews for WooCommerce: from n/a through 1.6.7. | ||||
| CVE-2022-46803 | 1 Noptin | 1 Noptin | 2024-09-04 | 9.8 Critical |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Noptin Newsletter Simple Newsletter Plugin – Noptin.This issue affects Simple Newsletter Plugin – Noptin: from n/a through 1.9.5. | ||||
| CVE-2022-46804 | 1 Narolainfotech | 1 Export Users Data Distinct | 2024-09-04 | 8.8 High |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Narola Infotech Solutions LLP Export Users Data Distinct.This issue affects Export Users Data Distinct: from n/a through 1.3. | ||||
| CVE-2022-46821 | 1 Jackmail | 1 Jackmail | 2024-09-04 | 8.8 High |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Jackmail & Sarbacane Emails & Newsletters with Jackmail.This issue affects Emails & Newsletters with Jackmail: from n/a through 1.2.22. | ||||
| CVE-2022-45348 | 1 Anmari | 1 Amr Users | 2024-09-04 | 8.8 High |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in anmari amr users.This issue affects amr users: from n/a through 4.59.4. | ||||
| CVE-2022-45078 | 1 Solwininfotech | 1 User Blocker | 2024-09-04 | 7.2 High |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Solwin Infotech User Blocker.This issue affects User Blocker: from n/a through 1.5.5. | ||||
| CVE-2022-44738 | 1 Patrickrobrecht | 1 Posts And Users Stats | 2024-09-04 | 8.8 High |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Patrick Robrecht Posts and Users Stats.This issue affects Posts and Users Stats: from n/a through 1.1.3. | ||||
| CVE-2022-42882 | 1 Shambix | 1 Simple Csv\/xls Exporter | 2024-09-04 | 8.8 High |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Shambix Simple CSV/XLS Exporter.This issue affects Simple CSV/XLS Exporter: from n/a through 1.5.8. | ||||
| CVE-2022-38702 | 1 Kigurumi | 1 Csv Exporter | 2024-09-04 | 8.8 High |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Nakashima Masahiro WP CSV Exporter.This issue affects WP CSV Exporter: from n/a through 2.0. | ||||
| CVE-2024-41226 | 1 Automationanywhere | 1 Automation 360 | 2024-09-03 | 8.8 High |
| A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers to execute arbitrary code via a crafted payload. NOTE: Automation Anywhere disputes this report, arguing the attacker executes everything from the client side and does not attack the Control Room. The payload is being injected in the http Response from the client-side, so the owner of the Response and payload is the end user in this case. They contend that the server's security controls have no impact or role to play in this situation and therefore this is not a valid vulnerability. | ||||
| CVE-2023-48029 | 1 Corebos | 1 Corebos | 2024-08-29 | 8.0 High |
| Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with low privileges can inject a malicious command into a table. This vulnerability is exploited when an administrator visits the user management section, exports the data to a CSV file, and then opens it, leading to the execution of the malicious payload on the administrator's computer. | ||||
| CVE-2023-45597 | 2024-08-28 | 5.9 Medium | ||
| A CWE-1236 “Improper Neutralization of Formula Elements in a CSV File” vulnerability in the “file_configuration” functionality of the web application (concerning the function “export_file”) allows a remote authenticated attacker to inject arbitrary formulas inside generated CSV files. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2. | ||||
| CVE-2023-31296 | 1 Sesami | 1 Cash Point \& Transport Optimizer | 2024-08-27 | 5.3 Medium |
| CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows attackers to obtain sensitive information via the User Name field. | ||||
| CVE-2023-47534 | 1 Fortinet | 1 Forticlient Endpoint Management Server | 2024-08-12 | 8.7 High |
| A improper neutralization of formula elements in a csv file in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.10, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8 allows attacker to execute unauthorized code or commands via specially crafted packets. | ||||
| CVE-2018-20752 | 1 Recon-ng Project | 1 Recon-ng | 2024-08-05 | N/A |
| An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv.py file allows CSV injection. More specifically, when a Twitter user possesses an Excel macro for a username, it will not be properly sanitized when exported to a CSV file. This can result in remote code execution for the attacker. | ||||