Lucene search
PRIOn knowledge basePRION:CVE-2021-23654HistoryNov 26, 2021 - 8:15 p.m.
Design/Logic Flaw
2021-11-2620:15:00
PRIOn knowledge base
www.prio-n.com
6
This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands via CSV files.
| CPE | Name | Operator | Version |
|---|---|---|---|
| html-to-csv | le | 0.1.3 |
Related
osv
osv
Improper Neutralization of Formula Elements in a CSV File in html-2-csv
2021-11-30 22:22:16
PYSEC-2021-866
2021-11-26 20:15:00
CVE-2021-23654
2021-11-26 20:15:07
cnvd
cnvd
Unspecified vulnerability in html2csv
2021-11-30 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2021-11-29 04:02:40
cvelist
cvelist
CVE-2021-23654 Improper Input Validation
2021-11-26 00:00:00
github
github
Improper Neutralization of Formula Elements in a CSV File in html-2-csv
2021-11-30 22:22:16
nvd
nvd
CVE-2021-23654
2021-11-26 20:15:07
cve
cve
CVE-2021-23654
2021-11-26 20:15:07