5078 matches found
CVE-2023-46400
KWHotel 0.47 is vulnerable to CSV Formula Injection in the add guest function...
CVE-2023-46401
KWHotel 0.47 is vulnerable to CSV Formula Injection in the invoice adding function...
CVE-2023-46401
KWHotel 0.47 is vulnerable to CSV Formula Injection in the invoice adding function. Affected product: KWHotel (desktop/web/mobile) version 0.47. Root cause: CSV formula injection in the Add Invoice feature. Impact is described as high for confidentiality, integrity, and availability per CVE metri...
CVE-2023-46400
KWHotel 0.47 is vulnerable to CSV Formula Injection in the Add Guest function. The CVE-2023-46400 entry is corroborated by multiple sources (NVD, Red Hat, CVE lists, CNNVD) with the same description. Affected component: the Add Guest functionality in KWHotel 0.47. Root cause: CSV formula injectio...
WordPress Event Monster 1.4.3 Information Disclosure Vulnerability
CVE-2024-11396 Event monster <= 1.4.3 - Information Exposure Via Visitors List Export. Description: The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Expor...
CVE-2024-50859
The ipimportaclcsv request in GestioIP v3.5.7 is vulnerable to Reflected XSS. When a user uploads an improperly formatted file, the content may be reflected in the HTML response, allowing the attacker to execute malicious scripts or exfiltrate data...
CVE-2024-47572
An improper neutralization of formula elements in a csv file in Fortinet FortiSOAR 7.2.1 through 7.4.1 allows attacker to execute unauthorized code or commands via manipulating csv file...
CVE-2024-47572
This CVE affects Fortinet FortiSOAR. The issue is an improper neutralization of formula elements in CSV files, exploitable by manipulating the CSV to cause code/command execution. Affected versions are FortiSOAR 7.2.1 through 7.4.1. Root cause: unsafe handling of CSV content leading to remote cod...
CVE-2024-11396
The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. During the export, a CSV file is created in the wp-content folder with a hardcoded filena...
PT-2025-2772 · Fortinet · Fortisoar
Name of the Vulnerable Software and Affected Versions: Fortinet FortiSOAR versions 7.2.1 through 7.4.1 Description: The issue is related to an improper neutralization of formula elements in a csv file, which can allow a remote attacker to execute unauthorized code or commands by manipulating the...
CVE-2024-11396 Event monster <= 1.4.3 - Information Exposure Via Visitors List Export
The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. During the export, a CSV file is created in the wp-content folder with a hardcoded filena...
CVE-2025-23113
An issue was discovered in REDCap 14.9.6. It has an action=myprojects&logout=1 CSRF issue in the alert-title while performing an upload of a CSV file containing a list of alert configuration. An attacker can send the victim a CSV file containing an HTML injection payload in the alert-title. Once...