428 matches found
CVE-2026-42267 Kimai: Formula Injection via tag names in XLSX export
Kimai is an open-source time tracking application. From version 2.27.0 to before version 2.54.0, any ROLEUSER can create a tag with a formula string as its name e.g. =SUM54+51 via POST /api/tags and assign it to a timesheet. When an admin exports timesheets to XLSX, ArrayFormatter.formatValue joi...
CVE-2026-42267
Kimai vulnerability CVE-2026-42267 affects Kimai versions 2.27.0 through before 2.54.0. A user with ROLE_USER can create a tag whose name is a formula string (for example =SUM(54+51)) via POST /api/tags and attach it to a timesheet. When an admin exports to XLSX, ArrayFormatter.formatValue() conc...
CVE-2026-42267 Kimai: Formula Injection via tag names in XLSX export
Kimai is an open-source time tracking application. From version 2.27.0 to before version 2.54.0, any ROLEUSER can create a tag with a formula string as its name e.g. =SUM54+51 via POST /api/tags and assign it to a timesheet. When an admin exports timesheets to XLSX, ArrayFormatter.formatValue joi...
GHSA-XQ9M-HMP9-FW87 wger: CSV/TSV formula injection in gym member export (first_name/last_name)
Summary The gym member TSV export endpoint in wger writes firstname and lastname profile fields verbatim to TSV cells with no formula-prefix sanitization. Any gym member including newly self-registered users can pre-load a spreadsheet formula into their own profile. When a gym admin later exports...
wger: CSV/TSV formula injection in gym member export (first_name/last_name)
Summary The gym member TSV export endpoint in wger writes firstname and lastname profile fields verbatim to TSV cells with no formula-prefix sanitization. Any gym member including newly self-registered users can pre-load a spreadsheet formula into their own profile. When a gym admin later exports...
GHSA-3XC2-H5R3-WV3R Kimai vulnerable to formula Injection via tag names in XLSX export
Summary Any ROLEUSER can create a tag with a formula string as its name e.g. =SUM54+51 via POST /api/tags and assign it to a timesheet. When an admin exports timesheets to XLSX, ArrayFormatter.formatValue joins tag names with implode and returns the result unchanged. OpenSpout promotes any...
Kimai vulnerable to formula Injection via tag names in XLSX export
Summary Any ROLEUSER can create a tag with a formula string as its name e.g. =SUM54+51 via POST /api/tags and assign it to a timesheet. When an admin exports timesheets to XLSX, ArrayFormatter.formatValue joins tag names with implode and returns the result unchanged. OpenSpout promotes any...
CSV Injection
Overview Affected versions of this package are vulnerable to CSV Injection in the CSV export functionality. An attacker can cause command execution or data exfiltration by injecting malicious formulas into exported fields, which are then executed when the CSV file is opened in spreadsheet softwar...
CVE-2026-27644
Traccar is an open source GPS tracking system. In versions between 6.11.1 and 6.13.0, the CSV export functionality writes position data, including user-controlled device and computed attributes, to CSV output without proper escaping. An attacker can inject spreadsheet formulas through exported...
CVE-2026-27644 traccar allows CSV formula injection via exported position data
Traccar is an open source GPS tracking system. In versions between 6.11.1 and 6.13.0, the CSV export functionality writes position data, including user-controlled device and computed attributes, to CSV output without proper escaping. An attacker can inject spreadsheet formulas through exported...
EUVD-2026-27306
Traccar is an open source GPS tracking system. In versions between 6.11.1 and 6.13.0, the CSV export functionality writes position data, including user-controlled device and computed attributes, to CSV output without proper escaping. An attacker can inject spreadsheet formulas through exported...
CVE-2026-27644 traccar allows CSV formula injection via exported position data
Traccar is an open source GPS tracking system. In versions between 6.11.1 and 6.13.0, the CSV export functionality writes position data, including user-controlled device and computed attributes, to CSV output without proper escaping. An attacker can inject spreadsheet formulas through exported...
CVE-2026-27644
CVE-2026-27644 affects Traccar (versions 6.11.1–6.13.0). CSV export writes position data and computed attributes without proper escaping, enabling an attacker to inject spreadsheet formulas via exported fields. When opened in spreadsheet software, this can lead to formula execution and potential ...
CVE-2026-27644 traccar allows CSV formula injection via exported position data
Traccar is an open source GPS tracking system. In versions between 6.11.1 and 6.13.0, the CSV export functionality writes position data, including user-controlled device and computed attributes, to CSV output without proper escaping. An attacker can inject spreadsheet formulas through exported...
CVE-2026-27644
Traccar is an open source GPS tracking system. In versions between 6.11.1 and 6.13.0, the CSV export functionality writes position data, including user-controlled device and computed attributes, to CSV output without proper escaping. An attacker can inject spreadsheet formulas through exported...
CVE-2023-54348 ERPGo SaaS 3.9 CSV Injection via Vendor Creation
ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows authenticated attackers to inject spreadsheet formulas into vendor name fields that execute on the workstation of users who open the exported CSV in a spreadsheet application. Attackers can add malicious formulas like =10+20+cmd|' ...
CVE-2023-54348
CVE-2023-54348 affects ERPGo SaaS 3.9. The issue is a CSV injection vulnerability in vendor creation: an authenticated user can inject formula payloads into the vendor name field, which execute when the exported CSV is opened in spreadsheet applications. A sample payload is =10+20+cmd|' /C calc'!...
Traccar 安全漏洞
Traccar is a Java-based website building system provided by the American company Traccar. This software supports over 170 GPS protocols and over 1,500 types of GPS tracking devices. Traccar can be used alongside any major SQL database systems. It also offers a user-friendly REST API. There were...
PT-2026-37032
Name of the Vulnerable Software and Affected Versions Traccar versions 6.11.1 through 6.12.x Description The CSV export functionality writes position data, including user-controlled device and computed attributes, to CSV output without proper escaping. This allows an attacker to inject spreadshee...
BIT-MOODLE-2025-67851 Moodle: moodle: formula injection allows arbitrary formula execution via unescaped data export
A flaw was found in moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet, allows arbitrary formulas to execute. This can lead to...