CSV+ vulnerable to cross-site scripting

Overview CSV+ provided by Plus one is a tabbed CSV editor. CSV+ contains a cross-site scripting vulnerability CWE-79. Satoki Tsuji reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a CSV file containing a t...

Csv+ 跨站脚本漏洞

Csv+ is a new Csv editor from the Japanese individual developer Masaki Enomoto. CSV+ suffers from a cross-site scripting vulnerability that exists due to insufficient cleaning of user-supplied data. A remote attacker can trick a victim into following specially crafted links and execute arbitrary...