HackerOne: CSV Injection via the CSV export feature

Hi , I have managed to bypass your fix for 72785 by submitting a report with NewLine character 0x0a in the title before the CSV formula. Steps to reproduce: 1. As a researcher , Submit a report to a program with the title %0A-2+3+cmd|' /C calc'!D2 , here is an example request: POST...