5072 matches found
CVE-2025-50013
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jason Judge CSV Importer Improved csv-importer-improved allows Stored XSS. This issue affects CSV Importer Improved: from n/a through <= 0.6.1...
CVE-2023-47295
A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings...
CVE-2023-47295
CVE-2023-47295 affects NCR Terminal Handler v1.5.1. The vulnerability is a CSV injection in exported data: attackers can inject a crafted payload into text fields and execute arbitrary commands. Per the CVE metadata, it has a CVSS v3.1 base score of 9.8 (CRITICAL) with Network attack vector, no p...
CVE-2023-47295
A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings...
PT-2025-26611 · Ncr · Ncr Terminal Handler
Name of the Vulnerable Software and Affected Versions: NCR Terminal Handler version 1.5.1. Description: A CSV injection issue allows attackers to execute arbitrary commands by injecting a crafted payload into any text field that accepts strings. Recommendations: For NCR Terminal Handler version...
CVE-2025-50013
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jason Judge CSV Importer Improved csv-importer-improved allows Stored XSS. This issue affects CSV Importer Improved: from n/a through <= 0.6.1...
CVE-2025-50013
CVE-2025-50013 relates to the WordPress plugin CSV Importer Improved (versions
WordPress plugin CSV Importer Improved cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress CSV Importer Improved plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...
PT-2025-26370 · Unknown · Csv Importer Improved
Name of the Vulnerable Software and Affected Versions: CSV Importer Improved versions 0.6.1 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can...
WordPress CSV Importer Improved plugin <= 0.6.1 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Chu The Anh Blue Rock in WordPress Plugin CSV Importer Improved versions <= 0.6.1...
Deserialization Of Untrusted Data
goodby-csv is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to insecure deserialization due to the presence of classes that can be used in a gadget chain enabling remote code execution when deserializing untrusted data in a vulnerable application...
CVE-2025-6086 CSV Me <= 2.0 - Authenticated (Administrator+) Arbitrary File Upload
The CSV Me plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'csv_me_options_page' function in all versions up to, and including, 2.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload...
CVE-2025-6086 CSV Me <= 2.0 - Authenticated (Administrator+) Arbitrary File Upload
The CSV Me plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'csv_me_options_page' function in all versions up to, and including, 2.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload...
CVE-2025-6086
CVE-2025-6086 affects the WordPress plugin CSV Me (versions up to and including 2.0). The vulnerability stems from insufficient file type validation in the csv_me_options_page function, allowing an authenticated attacker with Administrator+ privileges to upload arbitrary files on the server, with...
WordPress plugin CSV Me code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
PT-2025-25858 · WordPress · Csv Me
Name of the Vulnerable Software and Affected Versions: CSV Me plugin for WordPress versions up to, and including, 2.0. Description: The issue is related to insufficient file type validation in the csv_me_options_page function, allowing authenticated attackers with Administrator-level access and...
CVE-2025-49597
handcraftedinthealps goodby-csv is a highly memory efficient, flexible and extendable open-source CSV import/export library. Prior to 1.4.3, goodby-csv could be used as part of a chain of methods that is exploitable when an insecure deserialization vulnerability exists in an application. This...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview: handcraftedinthealps/goodby-csv is a CSV import/export library. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the wakeup process. An attacker can execute arbitrary code by leveraging a gadget chain if...
handcraftedinthealps/goodby-csv has Potential Gadget Chain allowing Remote Code Execution
Impact: goodby-csv could be used as part of a chain of methods that is exploitable when an insecure deserialization vulnerability exists in an application. This so-called "gadget chain" presents no direct threat but is a vector that can be used to achieve remote code execution if the application...
CVE-2025-49597
handcraftedinthealps goodby-csv is a highly memory efficient, flexible and extendable open-source CSV import/export library. Prior to 1.4.3, goodby-csv could be used as part of a chain of methods that is exploitable when an insecure deserialization vulnerability exists in an application. This...