5078 matches found
CVE-2022-4368 WP CSV <= 1.8.0.0 - Reflected XSS via CSV Import
The WP CSV WordPress plugin through 1.8.0.0 does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, and does not have CSRF checks in place as well, leading to a Reflected Cross-Site Scripting...
CVE-2022-4368
CVE-2022-4368 affects the WP CSV WordPress plugin (versions up to 1.8.0.0). The vulnerability is a Reflected XSS caused by failing to sanitize/escape a parameter during CSV import and lacking CSRF checks, exposed when the parameter is echoed back on the page. Several connected sources confirm the...
Security Bulletin: IBM InfoSphere Information Server is potentially vulnerable to CSV Injection (CVE-2022-22425)
Summary: A potential CSV Injection in IBM InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2022-22425. DESCRIPTION: IBM InfoSphere Information Server is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by...
CVE-2022-35281
IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are vulnerable to CSV injection. IBM X-Force ID: 2306335...
Design/Logic Flaw
IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are vulnerable to CSV injection. IBM X-Force ID: 2306335...
WordPress Plugin WP CSV Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2023-14285 · WordPress · Wp Csv
Name of the Vulnerable Software and Affected Versions: WP CSV WordPress plugin versions 1.8.0.0 and earlier Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the plugin does not properly sanitize and escape a parameter before outputting it back in th...
IBM Maximo Asset Management Security Vulnerability
IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from International Business Machines (IBM). The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control over...
CVE-2018-25070
A vulnerability has been found in polterguy Phosphorus Five up to 8.2 and classified as critical. This vulnerability affects the function csv.Read of the file plugins/extras/p5.mysql/NonQuery.cs of the component CSV Import. The manipulation leads to sql injection. Upgrading to version 8.3 is able...
SQL injection
A vulnerability has been found in polterguy Phosphorus Five up to 8.2 and classified as critical. This vulnerability affects the function csv.Read of the file plugins/extras/p5.mysql/NonQuery.cs of the component CSV Import. The manipulation leads to sql injection. Upgrading to version 8.3 is able...
CVE-2018-25070 polterguy Phosphorus Five CSV Import NonQuery.cs csv.Read sql injection
A vulnerability has been found in polterguy Phosphorus Five up to 8.2 and classified as critical. This vulnerability affects the function csv.Read of the file plugins/extras/p5.mysql/NonQuery.cs of the component CSV Import. The manipulation leads to sql injection. Upgrading to version 8.3 is able...
Phosphorus Five SQL Injection Vulnerability
Phosphorus Five is an open-source, .NET-based RAD web application development framework from Aista, used to create rich and secure Ajax web applications. A SQL injection vulnerability exists in Phosphorus Five before version 8.3; the vulnerability stems from the CSV Import component...
PT-2023-10811 · Polterguy · Phosphorus Five
Name of the Vulnerable Software and Affected Versions: polterguy Phosphorus Five versions up to 8.2 Description: A critical issue has been found that affects the csv.Read function of the CSV Import component, specifically in the file plugins/extras/p5.mysql/NonQuery.cs. This issue leads to sql...
CVE-2022-35281
CVE-2022-35281 affects IBM Maximo Asset Management versions 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Manage in IBM Maximo Application Suite versions 8.3 and 8.4. The issue is described as CSV injection vulnerability. The Red Hat and IBM bulletins confirm the affected product set and provide remed...
CVE-2022-35281 IBM Maximo Application Suite command injection
IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are vulnerable to CSV injection. IBM X-Force ID: 2306335...
CVE-2022-4663
The Members Import plugin for WordPress is vulnerable to Self Cross-Site Scripting via the userlogin parameter in an imported CSV file in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web...