5078 matches found
PT-2022-5982 · Atlassian +1 · Jira Service Management Server +2
Name of the Vulnerable Software and Affected Versions: Atlassian Jira Service Management Server and Data Center versions prior to 4.13.20; Atlassian Jira Service Management Server and Data Center versions 4.14.0 through 4.20.8; Atlassian Jira Service Management Server and Data Center versions 4.21....
InvenTree CSV Injection Vulnerability
InvenTree is an open source inventory management system from InvenTree Open Source. It provides powerful low-level inventory control and parts tracking. A CSV injection vulnerability exists in InvenTree versions prior to 0.7.2, which stems from an application that does not filter the escaping of...
Import CSV Files <= 1.0 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape imported data before outputting them back in a page, and is lacking a CSRF check when performing such action as well, resulting in a Reflected Cross-Site Scripting. PoC...
WordPress Import CSV Files plugin <= 1.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Benachi in WordPress Import CSV Files plugin versions <= 1.0. Solution: Deactivate and delete. This plugin has been closed as of June 16, 2022 and is not available for download. This closure is temporary, pending a full review...
Import CSV Files <= 1.0 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape imported data before outputting them back in a page, and is lacking a CSRF check when performing such action as well, resulting in a Reflected Cross-Site Scripting...
CSV Injection in inventree
Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2...
GHSA-9HX5-JMXV-X44Q CSV Injection in inventree
Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2...
CVE-2022-2112
Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2...
Design/Logic Flaw
Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2...
CVE-2022-2112 Improper Neutralization of Formula Elements in a CSV File in inventree/inventree
Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2...
CVE-2022-2112
CVE-2022-2112 corresponds to a CSV injection in Inventree (inventree/inventree) prior to 0.7.2, caused by improper neutralization of formula elements in CSV data (CSV escape filtering). Affected component: CSV export generation in Inventree before version 0.7.2. Impact: potential for formula inje...
CVE-2022-2112 Improper Neutralization of Formula Elements in a CSV File in inventree/inventree
Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2...
Formula Injection in Exported Data
Impact: Datasets exported to file (e.g. CSV / XLS) are not sufficiently sanitized to neutralize potential formula injection. Patches: The issue is addressed in the upcoming 0.8.0 release. This fix will also be back-ported to the 0.7.x branch, applied to the 0.7.2 release. Workarounds: Users exportin...
GHSA-7RQ4-QCPW-74GQ Formula Injection in Exported Data
Impact: Datasets exported to file (e.g. CSV / XLS) are not sufficiently sanitized to neutralize potential formula injection. Patches: The issue is addressed in the upcoming 0.8.0 release. This fix will also be back-ported to the 0.7.x branch, applied to the 0.7.2 release. Workarounds: Users exportin...
bencode (>=0.1.1 <=0.1.8), bincode (>=0.0.3 <=0.0.9) +49 more potentially affected by unknown CVE via rustc-serialize (>=0.1.5 <=0.3.22)
rustc-serialize CARGO version =0.1.5, =0.1.1, =0.0.3, =0.1.12, =0.1.2, =0.5.3, =0.5.2, =0.5.1, =0.1.4, =0.1.8, =0.6.41, =0.6.42 - docoptmacros =0.6.42 - email =0.0.9 - envelope =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:GHSA-2226-4V3C-CFF8...
agnes (>=0.3.0 <=0.3.2), automl (>=0.2.6 <=0.2.7) +1 more potentially affected by CVE-2021-45686 via csv-sniffer (=0.1.1)
csv-sniffer CARGO version =0.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on csv-sniffer and may be impacted: - agnes =0.3.0, =0.2.6, =0.1.7, =0.1.8 Source cves: CVE-2021-45686 Source advisory: OSV:GHSA-R67P-M7G9-GXW6...
SevOne Network Management System CSV Injection Vulnerability
SevOne Network Management System is the most comprehensive, scalable and application-centric network performance monitoring system for modern NetOps from SevOne. A CSV injection vulnerability exists in SevOne Network Management System versions 5.7.2.0 inclusive through 5.7.2.22 inclusive, which c...
WordPress WP-CRM plugin CSV injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress WP-CRM plugin version 1.2.1 and earlier versions are vulnerable to a CSV injection...
WordPress Export any WordPress data to XML/CSV plugin SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...
SSRF via Import URL
Description: While importing CSV and Excel files via a URL, the server does not validate requests properly, so an attacker is able to make requests to internal servers and access the contents. Proof of Concept: 1. Go to any project 2. From Dashboard, click on Add / Import CSV or Microsoft...