5077 matches found
WS Form LITE <= 1.9.217 - Unauthenticated CSV Injection
Description: The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.9.217. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a...
PT-2024-24507 · Tenable · Tenable Identity Exposure
Name of the Vulnerable Software and Affected Versions: Tenable Identity Exposure (affected versions not specified). Description: A formula injection issue exists, allowing an authenticated remote attacker with administrative privileges to manipulate application form fields. This could trick another...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware
CVE-2024-24919-Sniper...
GHSA-MQJC-X563-C9Q8 silverstripe/framework CSV Excel Macro Injection
In the CSV export feature of the CMS it's possible for the output to contain macros and scripts, which if imported without sanitisation into software including Microsoft Excel may be executed. In order to safeguard against this threat all potentially executable cell values exported from CSV will ...
silverstripe/framework CSV Excel Macro Injection
In the CSV export feature of the CMS it's possible for the output to contain macros and scripts, which if imported without sanitisation into software including Microsoft Excel may be executed. In order to safeguard against this threat all potentially executable cell values exported from CSV will ...
CSV Injection
Ghost is vulnerable to CSV Injection. The vulnerability is due to inadequate input sanitization during member CSV export, allowing malicious content to be injected into CSV files, and executed when opened by a spreadsheet application...
CVE-2024-4895
The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CSV import functionality in all versions up to, and including, 3.4.2.12 due to insufficient input sanitization and output escaping. This makes it...
CVE-2024-4895 wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin <= 3.4.2.12 - Unauthenticated Stored Cross-Site Scripting via CSV Import
The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CSV import functionality in all versions up to, and including, 3.4.2.12 due to insufficient input sanitization and output escaping. This makes it...
CVE-2024-4895
CVE-2024-4895 affects the WordPress plugin WPDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin up to version 3.4.2.12. It is a Stored Cross-Site Scripting vulnerability via the CSV import functionality, allowing unauthenticated attackers to inject scripts that execute when u...
ghost (>=4.11.0 <=4.11.46), @igames/ghost (>=3.41.6 <=4.0.0-alpha.2) +5 more potentially affected by CVE-2024-34448 via @tryghost/members-csv (>=0.1.2 <=1.2.3)
@tryghost/members-csv NPM version =0.1.2, =4.11.0, =3.41.6, =0.1.0, =3.21.0, =5.4.1 - nshakhatghost =4.17.1 Source cves: CVE-2024-34448 Source advisory: OSV:GHSA-XGWH-CGV9-783V...
Ghost allows CSV Injection during member CSV export
Ghost before 5.82.0 allows CSV Injection during a member CSV export...
GHSA-XGWH-CGV9-783V Ghost allows CSV Injection during member CSV export
Ghost before 5.82.0 allows CSV Injection during a member CSV export...
CVE-2024-34448
Ghost before 5.82.0 allows CSV Injection during a member CSV export...
CVE-2024-34448
CVE-2024-34448 affects Ghost prior to 5.82.0. The vulnerability arises in the member CSV export feature, where insufficient input sanitization enables CSV injection in exported files. Documents consistently describe Ghost as vulnerable to CSV injection via the CSV export process. Impact is descri...
wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin < 3.4.2.14 - Unauthenticated Stored Cross-Site Scripting via CSV Import
Description: The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CSV import functionality in all versions up to, and including, 3.4.2.12 due to insufficient input sanitization and output escaping...
PT-2024-25902
Name of the Vulnerable Software and Affected Versions: Ghost versions prior to 5.82.0. Description: The issue allows CSV Injection during a member CSV export. Recommendations: For Ghost versions prior to 5.82.0, update to version 5.82.0 or later to resolve the issue...