
8 matches found

RedhatCVE
added 2026/01/09 8:54 a.m., 3 views

CVE-2021-41161

Combodo iTop is a web-based IT Service Management tool. In versions prior to 3.0.0-beta6 the export CSV page doesn't properly escape the user-supplied parameters, allowing for JavaScript injection into rendered CSV files. Users are advised to upgrade. There are no known workarounds for this issue...

CVSS 9.3, AI score 7.1, EPSS 0.00311
Exploits: 0, References: 1
RedhatCVE
added 2026/01/07 9:28 a.m., 9 views

CVE-2019-12765

An issue was discovered in Joomla! before 3.9.7. The CSV export of comactionslogs is vulnerable to CSV injection...

CVSS 9.8, AI score 6.7, EPSS 0.2398
Exploits: 1, References: 1
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-5507

Malicious code in bioql PyPI...

CVSS 9.8, AI score 6.3, EPSS 0.00541
Exploits: 0, References: 7
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-2006

Malicious code in bioql PyPI...

CVSS 5.5, AI score 5.7, EPSS 0.00212
Exploits: 1, References: 5
RedhatCVE
added 2025/05/23 7:46 a.m., 3 views

CVE-2024-28111

Canarytokens helps track activity and actions on a network. Canarytokens.org supports exporting the history of a Canarytoken's incidents in CSV format. The generation of these CSV files is vulnerable to a CSV Injection vulnerability. This flaw can be used by an attacker who discovers an HTTP-base...

CVSS 6.5, AI score 7.4, EPSS 0.00575
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 3:25 p.m., 6 views

CVE-2020-27358

An issue was discovered in REDCap 8.11.6 through 9.x before 10. The messenger's CSV feature that allows users to export their conversation threads as CSV allows non-privileged users to export one another's conversation threads by changing the threadid parameter in the request to the endpoint...

CVSS 4.3, AI score 6.8, EPSS 0.03426
Exploits: 1
CVE
added 2024/12/19 1:41 p.m., 55 views

CVE-2024-9102

PHP LDAP Admin (phpLDAPadmin) versions 1.2.0 through 1.2.6.7 are vulnerable to CSV Formula Injection when exporting directory entries to CSV, because the export path does not neutralize elements that can be interpreted as commands by spreadsheet apps. This can allow an attacker-controlled data el...

CVSS 5, AI score 6.3, EPSS 0.00141
Exploits: 0, References: 4
Cvelist
added 2024/05/22 4:1 p.m., 32 views

CVE-2024-34448

Ghost before 5.82.0 allows CSV Injection during a member CSV export...

AI score 6.8, EPSS 0.00177
Exploits: 1, References: 1