5077 matches found
CVE-2025-23110
An issue was discovered in REDCap 14.9.6. A reflected cross-site scripting (XSS) vulnerability in the email-subject field exists while performing an upload of a CSV file containing a list of alert configurations. An attacker can send the victim a CSV file containing the XSS payload in the...
CVE-2025-23113
An issue was discovered in REDCap 14.9.6. It has an action=myprojects&logout=1 CSRF issue in the alert-title while performing an upload of a CSV file containing a list of alert configurations. An attacker can send the victim a CSV file containing an HTML injection payload in the alert-title. Once...
REDCap Security Vulnerability
REDCap is a data collection and management web application from REDCap open source. A security vulnerability exists in REDCap version 14.9.6, which stems from the presence of a reflected cross-site scripting (XSS) vulnerability that allows an attacker to send a CSV file to the victim to view...
CVE-2025-23110
CVE-2025-23110 affects REDCap v14.9.6. A reflected XSS vulnerability exists in the email-subject field when uploading a CSV containing alert configurations; a victim who opens the uploaded data and clicks the email-subject may trigger the payload. Affected component: email-subject handling during...
CVE-2025-23113
CVE-2025-23113 affects REDCap 14.9.6. The issue is a CSRF vulnerability in the logout functionality triggered during a CSV upload of alert configuration. An HTML injection payload placed in the alert-title can be sent by an attacker; when the victim views the uploaded data and clicks the alert-ti...
WordPress Navayan CSV Export 1.0.9 SQL Injection Vulnerability
CVE-2024-55988: Navayan CSV Export <= 1.0.9 - Unauthenticated SQL Injection. Description: The Navayan CSV Export plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0.9 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation o...
CVE-2024-22063 ZTE ZENIC ONE R58 product has a CSV injection vulnerability
The ZENIC ONE R58 products by ZTE Corporation have a command injection vulnerability. An authenticated attacker can exploit this vulnerability to tamper with messages, inject malicious code, and subsequently launch attacks on related devices...
CVE-2024-22063
The CVE-2024-22063 entry concerns ZTE ZENIC ONE R58 devices, describing a command-injection vulnerability. According to the connected sources, an authenticated attacker could tamper with messages and inject malicious code, potentially enabling further attacks on related devices. The available doc...
CVE-2024-9102
phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could be interpreted as a command when the file is opened by a spreadsheet...
CVE-2024-9102 phpLDAPadmin: Improper Neutralization of Formula Elements
phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could be interpreted as a command when the file is opened by a spreadsheet...
CVE-2024-9102
PHP LDAP Admin (phpLDAPadmin) versions 1.2.0 through 1.2.6.7 are vulnerable to CSV Formula Injection when exporting directory entries to CSV, because the export path does not neutralize elements that can be interpreted as commands by spreadsheet apps. This can allow an attacker-controlled data el...
Malicious code in @add-wallet-exchange/set-imported-csv-message (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 85e68f887715288c07927e0e74544a85fd8c7f1fd0ea7afe1ff8d50322fcaa34 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-55988
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Amol Nirmala Waman Navayan CSV Export navayan-csv-export allows Blind SQL Injection. This issue affects Navayan CSV Export: from n/a through <= 1.0.9...