CVE-2024-54275

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wibergsweb CSV to html csv-to-html allows Reflected XSS.This issue affects CSV to html: from n/a through = 3.08...

CVE-2024-27321

An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its multilabel classification tasks handle provided CSV files. If a user creates a multilabel classification task using a maliciously crafted CSV file containing Python...

CVE-2024-27320

An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. If a victim user creates a classification task using a maliciously crafted CSV file containing Python code, the code...

CVE-2024-55988

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Amol Nirmala Waman Navayan CSV Export navayan-csv-export allows Blind SQL Injection.This issue affects Navayan CSV Export: from n/a through = 1.0.9...

CVE-2024-31892

IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 could allow a user to perform unauthorized actions after intercepting and modifying a csv file due to improper neutralization of formula elements...

CVE-2024-31998

Combodo iTop is a simple, web based IT Service Management tool. A CSRF can be performed on CSV import simulation. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgrade. There are no known workarounds for this vulnerability...

CVE-2024-31448

Combodo iTop is a simple, web based IT Service Management tool. By filling malicious code in a CSV content, an Cross-site Scripting XSS attack can be performed when importing this content. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgrade. Users unable to...

CVE-2025-22978

eladmin =2.7 is vulnerable to CSV Injection in the exception log download module...

CVE-2025-22978

eladmin =2.7 is vulnerable to CSV Injection in the exception log download module...

CVE-2025-22978

eladmin =2.7 is vulnerable to CSV Injection in the exception log download module...

PT-2025-4755 · Eladmin · Eladmin

Name of the Vulnerable Software and Affected Versions: eladmin versions =2.7 Description: The issue concerns CSV injection in the exception log download module. This allows for potential data manipulation or extraction. No information is provided about the estimated number of affected devices or...

ELADMIN 安全漏洞

ELADMIN is a backend management system for elunez individual developers. A security vulnerability exists in ELADMIN 2.7 and earlier versions, which stems from a CSV injection issue in the Exception Log Download module...

CVE-2025-22978

CVE-2025-22978 affects eladmin

CVE-2025-22978

eladmin =2.7 is vulnerable to CSV Injection in the exception log download module...

CVE-2025-22978

eladmin =2.7 is vulnerable to CSV Injection in the exception log download module...

CVE-2024-12772

The Ninja Tables WordPress plugin before 5.0.17 does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, leading to a Cross Site Scripting vulnerability...

CVE-2024-12772

CVE-2024-12772 affects Ninja Tables – Easy Data Table Builder for WordPress. Multiple sources confirm a stored Cross-Site Scripting (XSS) vulnerability in Ninja Tables prior to version 5.0.17, triggered when outputting unsanitized CSV-import data back to the page. Root cause: inputs are not prope...

CVE-2024-12772 Ninja Tables < 5.0.17 - Admin+ Stored XSS

The Ninja Tables WordPress plugin before 5.0.17 does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, leading to a Cross Site Scripting vulnerability...

CVE-2024-12772 Ninja Tables < 5.0.17 - Admin+ Stored XSS

The Ninja Tables WordPress plugin before 5.0.17 does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, leading to a Cross Site Scripting vulnerability...

CVE-2023-46400

KWHotel 0.47 is vulnerable to CSV Formula Injection in the add guest function...