Lucene search
K

34 matches found

Positive Technologies
Positive Technologies
added 2024/03/12 12:0 a.m.7 views

PT-2024-2114 · Fortinet · Forticlientems

Name of the Vulnerable Software and Affected Versions: Fortinet FortiClientEMS versions 6.0.0 through 6.0.8 Fortinet FortiClientEMS versions 6.2.0 through 6.2.9 Fortinet FortiClientEMS versions 6.4.0 through 6.4.9 Fortinet FortiClientEMS versions 7.0.0 through 7.0.10 Fortinet FortiClientEMS...

10CVSS7.9AI score0.01051EPSS
Exploits0References10
NVD
NVD
added 2023/11/07 6:15 p.m.24 views

CVE-2022-44738

Improper Neutralization of Formula Elements in a CSV File vulnerability in Patrick Robrecht Posts and Users Stats.This issue affects Posts and Users Stats: from n/a through 1.1.3...

8.8CVSS0.00823EPSS
Exploits0References1
OSV
OSV
added 2023/11/07 4:15 p.m.4 views

CVE-2022-46802

Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee Product Reviews Import Export for WooCommerce.This issue affects Product Reviews Import Export for WooCommerce: from n/a through 1.4.8...

9.8CVSS5.8AI score0.00702EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/11/07 12:0 a.m.5 views

PT-2023-28098 · WordPress · Directorist

Name of the Vulnerable Software and Affected Versions: Directorist – WordPress Business Directory Plugin with Classified Ads Listings versions 7.7.1 and earlier Description: The issue is related to the improper neutralization of formula elements in a CSV file, which affects the Directorist –...

8.8CVSS8.8AI score0.00498EPSS
Exploits0References4
Prion
Prion
added 2023/01/03 2:15 p.m.22 views

Cross site scripting

The Members Import plugin for WordPress is vulnerable to Self Cross-Site Scripting via the userlogin parameter in an imported CSV file in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web...

5.8CVSS5.9AI score0.00653EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2022/07/17 8:15 p.m.30 views

CVE-2022-31260

In Montala ResourceSpace through 9.8 before r19636, csvexportresultsmetadata.php allows attackers to export collection metadata via a non-NULL k value...

6.5CVSS0.0151EPSS
Exploits1References2
CVE
CVE
added 2022/04/11 2:40 p.m.80 views

CVE-2022-0914

The CVE-2022-0914 entry concerns the WordPress plugin “Export All URLs” (before version 4.3). According to connected sources (Red Hat, NVD, CVE records, Patchstack), the vulnerability is a CSRF flaw that can allow a logged-in admin to export all posts and pages (including private/draft) into an a...

6.5CVSS6.4AI score0.00635EPSS
Exploits1References1Affected Software1
PyPA
PyPA
added 2022/03/17 9:15 p.m.8 views

PYSEC-2022-229

gradio is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, gradio suffers from Improper Neutralization of Formula Elements in a CSV File. The gradio library has a flagging functionality which saves input/output data into a CSV file on t...

8.8CVSS7.2AI score0.01248EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2021/11/26 8:15 p.m.11 views

CVE-2021-23654

This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands vi...

9.8CVSS9.5AI score
Exploits0References2
Cvelist
Cvelist
added 2021/09/30 3:18 p.m.22 views

CVE-2021-24016

An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in policy name, when exported as excel file and opened unsafely on the victim host...

3.7CVSS6.9AI score0.00488EPSS
Exploits0References1
Veracode
Veracode
added 2021/06/22 9:15 p.m.24 views

OS Command Injection

CSV is vulnerable to OS command injection. The vulnerability allows an attacker to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report...

9.8CVSS2.3AI score0.24727EPSS
Exploits5References7Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/04/01 12:0 a.m.7 views

The vulnerability of the “Export” function in the web application for phpMyAdmin’s database administration system allows a hacker to execute arbitrary code.

The vulnerability of the “Export” function in the phpMyAdmin web application for database management involves the absence of a mechanism to neutralize elements in the CSV file. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by opening a specially crafted CSV file...

10CVSS8.2AI score0.01507EPSS
Exploits1References6Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2019/05/13 8:58 a.m.18 views

RSMembership! older than 1.22.11 ,Other

RSMembership! older than 1.22.11,Other UpdateNotice URL https://www.rsjoomla.com/blog/view/468-csv-vulnerability-explained.html...

0.7AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2019/05/13 8:58 a.m.17 views

RSEvents! Pro (March 2019),Other

RSEvents! Pro March 2019,Other new version number 2.2.1 UpdateNotice URL https://www.rsjoomla.com/blog/view/468-csv-vulnerability-explained.html...

1.3AI score
Exploits0
Rows per page
Query Builder