5078 matches found

wpexploit
added 2022/10/17 12:0 a.m. · 104 views

FluentForm < 4.3.13 - CSV Injection

The plugin does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection - As unauthenticated, submit a form using =5+5 as value in any field - As admin, export the data as CSV /wp-admin/admin.php?page=fluentforms&formid=1&route=entries - open the CSV with a...

9.8 CVSS · 0.5 AI score · 0.01231 EPSS
Exploits: 2

Cvelist
added 2022/10/17 12:0 a.m. · 26 views

CVE-2022-3244 Import all XML, CSV & TXT into WordPress < 6.5.8 - Missing Authorisation

The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage to get the related nonce...

4.7 AI score · 0.00386 EPSS
Exploits: 1 · References: 1

wpexploit
added 2022/10/17 12:0 a.m. · 98 views

Import and export users and customers < 1.20.5 - Subscriber+ CSV Injection

The plugin does not properly escape data when exporting it via CSV files.
1. Edit your subscriber account's nickname to: ;=1+3
2. As an administrator, export your users data via http://vulnerable-site.tld/wp-admin/tools.php?page=acui&tab=export, and open the resulting CSV file in Excel or equivalen...

8 CVSS · 1.2 AI score · 0.0099 EPSS
Exploits: 2 · References: 1

CNVD
added 2022/10/13 12:0 a.m. · 19 views

Democritus Project d8s-asns democritus-csv code execution vulnerability

Democritus Project is a collection of simple, effective, modular, well-tested and well-documented features from Democritus. A backdoor vulnerability exists in Democritus Project d8s-asns version 0.1.0, which stems from the presence of a potential code execution package democritus-csv inserted by ...

9.8 CVSS · 9.6 AI score · 0.01168 EPSS
Exploits: 1 · References: 1

CNVD
added 2022/10/13 12:0 a.m. · 19 views

Democritus Project d8s-ip Code Execution Vulnerability

Democritus Project is a collection of simple, effective, modular, well-tested and well-documented features from Democritus. A backdoor vulnerability exists in Democritus Project d8s-ip version 0.1.0, which stems from the presence of a potential code execution package, democritus-csv, inserted by ...

9.8 CVSS · 9.7 AI score · 0.01168 EPSS
Exploits: 1 · References: 1

OSV
added 2022/10/12 1:15 p.m. · 5 views

CVE-2022-42715

A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution...

6.1 CVSS · 6 AI score
Exploits: 0 · References: 3

NVD
added 2022/10/12 1:15 p.m. · 11 views

CVE-2022-42715

A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution...

6.1 CVSS · 0.00698 EPSS
Exploits: 1 · References: 3

Prion
added 2022/10/12 1:15 p.m. · 14 views

Cross site scripting

A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution...

5.8 CVSS · 6.2 AI score · 0.00698 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

CNNVD
added 2022/10/12 12:0 a.m. · 4 views

REDCap cross-site scripting vulnerability

REDCap is a data collection and management web application. A security vulnerability exists in versions of REDCap prior to 12.04.18, which stems from its Alerts & Notifications upload feature that allows an attacker to upload a carefully crafted CSV file to achieve reflective cross-site scripting...

6.1 CVSS · 6.3 AI score · 0.00698 EPSS
Exploits: 1 · References: 4

Positive Technologies
added 2022/10/12 12:0 a.m. · 5 views

PT-2022-26515 · Redcap · Redcap

Name of the Vulnerable Software and Affected Versions: REDCap versions prior to 12.04.18 Description: A reflected XSS issue exists in the Alerts & Notifications upload feature, allowing arbitrary JavaScript code execution when a crafted CSV file is uploaded. Recommendations: For versions prior to...

6.1 CVSS · 6.3 AI score · 0.00698 EPSS
Exploits: 1 · References: 6

Vulnrichment
added 2022/10/12 12:0 a.m. · 6 views

CVE-2022-42715

A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution...

6.3 AI score · 0.00698 EPSS
Exploits: 1 · References: 3

ATTACKERKB
added 2022/10/11 10:15 p.m. · 3 views

CVE-2022-42036

The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0...

9.8 CVSS · 5.8 AI score · 0.01168 EPSS
Exploits: 1 · References: 4

NVD
added 2022/10/11 10:15 p.m. · 13 views

CVE-2022-42038

The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0...

9.8 CVSS · 0.01168 EPSS
Exploits: 1 · References: 3

NVD
added 2022/10/11 10:15 p.m. · 11 views

CVE-2022-42036

The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0...

9.8 CVSS · 0.01168 EPSS
Exploits: 1 · References: 3

OSV
added 2022/10/11 10:15 p.m. · 14 views

CVE-2022-42038

The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0...

9.8 CVSS · 6.9 AI score
Exploits: 0 · References: 3

OSV
added 2022/10/11 10:15 p.m. · 16 views

CVE-2022-42037

The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0...

9.8 CVSS · 9.6 AI score
Exploits: 0 · References: 3

PyPA
added 2022/10/11 10:15 p.m. · 3 views

PYSEC-2022-43036

The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0...

9.8 CVSS · 7 AI score · 0.01168 EPSS
Exploits: 1 · References: 4 · Affected Software: 1

PyPA
added 2022/10/11 10:15 p.m. · 5 views

PYSEC-2022-43021

The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0...

9.8 CVSS · 7 AI score · 0.01168 EPSS
Exploits: 1 · References: 4 · Affected Software: 1

PyPA
added 2022/10/11 10:15 p.m. · 6 views

PYSEC-2022-43030

The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0...

9.8 CVSS · 7 AI score · 0.01168 EPSS
Exploits: 1 · References: 4 · Affected Software: 1

PyPA
added 2022/10/11 10:15 p.m. · 4 views

PYSEC-2022-43035

The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0...

9.8 CVSS · 7 AI score · 0.01168 EPSS
Exploits: 1 · References: 4 · Affected Software: 1