Lucene search
+L

5 matches found

osv
osv
added 2026/06/04 6:46 p.m.8 views

GHSA-XF4V-W5X5-PV79 Spree: CSV Formula Injection in Customer Export

Summary CSV formula injection also known as formula injection or CSV injection affects customer export. User-controlled values customer names, email addresses, and shipping addresses. When an administrator opens a crafted Export in Microsoft Excel or LibreOffice Calc, formulas embedded in user da...

5.2CVSS6AI score
Exploits0References5
github
github
added 2026/06/04 6:46 p.m.28 views

Spree: CSV Formula Injection in Customer Export

Summary CSV formula injection also known as formula injection or CSV injection affects customer export. User-controlled values customer names, email addresses, and shipping addresses. When an administrator opens a crafted Export in Microsoft Excel or LibreOffice Calc, formulas embedded in user da...

6AI score
Exploits0References5Affected Software1
ptsecurity
ptsecurity
added 2026/06/04 12:0 a.m.10 views

PT-2026-49156

Summary CSV formula injection also known as formula injection or CSV injection affects customer export. User-controlled values customer names, email addresses, and shipping addresses. When an administrator opens a crafted Export in Microsoft Excel or LibreOffice Calc, formulas embedded in user da...

5.2CVSS5.8AI score
Exploits0References6
cnnvd
cnnvd
added 2024/10/10 12:0 a.m.3 views

WordPress plugin Products, Order & Customers Export for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

6.1CVSS6AI score0.004EPSS
Exploits0References5
huntr
huntr
added 2021/09/29 1:6 a.m.6 views

Improper Authorization in blair2004/nexopos-4x

Description No authorization in downloading customer export file. Proof of Concept 1. Access this link in browser without logging in: http://v4.nexopos.com/export/customers-list.csv 2. See that you can download customer list file without logging in. Impact This vulnerability is capable of exposur...

0.2AI score
Exploits0
Rows per page
Query Builder