5078 matches found
WordPress Import and export users and customers plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Import and export users and customers plugin...
Email-Prediction-Asterisks - Script That Allows You To Identify The Emails Hidden Behind Asterisks
Email prediction asterisks is a script that allows you to identify the emails hidden behind asterisks. It is a perfect application for OSINT analysts and security forces. It allows you to intelligently predict, using Intelx leaks, which emails are related to the person we are looking for. It also...
CSV Injection
luyadev/yii-helpers is vulnerable to CSV injection. The vulnerability exists due to the lack of sanitization in the item parameter in the generateRow function of ExportHelper.php, allowing an attacker to inject and execute malicious input...
CSV Injection
luyadev/yii-helpers is vulnerable to CSV injection. The vulnerability is possible because the library does not properly neutralize the Firstname and the Lastname, which allows an attacker to inject malicious inputs causing several harmful outcomes such as client-side command injection, code...
CSV Injection
csv-safe is vulnerable to CSV injection. The library doesn't properly filter out special characters in the str parameter, which allows remote attackers to inject and execute malicious payloads on the target system...
GHSA-F9P3-H6CG-2CJR Improper neutralization of formula elements in yii-helpers
Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in GitHub repository luyadev/yii-helpers prior to 1.2.1. Successful exploitation can lead to impacts such as client-side command injection, code execution, or remote exfiltration of contained...
GHSA-F55G-X8QQ-2569 CSV-Safe improperly filters special characters potentially leading to CSV injection
CSV-Safe gem 3.0.0 doesn't filter out special characters which could trigger CSV Injection...
Improper neutralization of formula elements in yii-helpers
Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in GitHub repository luyadev/yii-helpers prior to 1.2.1. Successful exploitation can lead to impacts such as client-side command injection, code execution, or remote exfiltration of contained...
CSV-Safe improperly filters special characters potentially leading to CSV injection
CSV-Safe gem 3.0.0 doesn't filter out special characters which could trigger CSV Injection...
CVE-2022-1255
The Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitise and escape imported CSV data, which could allow high privilege users to import malicious JavaScript code and lead to Stored Cross-Site Scripting issues...
CVE-2022-1255
CVE-2022-1255 affects the WordPress Import and export users and customers plugin before 1.19.2.1. The issue arises from insufficient sanitization/escaping of imported CSV data, enabling high-privilege users to inject malicious JavaScript and trigger Stored Cross-Site Scripting. The vulnerability ...
CVE-2022-28481
CSV-Safe gem 3.0.0 doesn't filter out special characters which could trigger CSV Injection...
Input validation
CSV-Safe gem 3.0.0 doesn't filter out special characters which could trigger CSV Injection...
CVE-2022-28481
CVE-2022-28481 affects the CSV-Safe Ruby gem prior to 3.0.0, which does not filter out characters that can trigger CSV/Formula Injection in exported CSV files. This is supported by multiple sources (e.g., Red Hat advisory, RubySec/RUBYGEMS notes, OSV/NVD records). Affected component: CSV-Safe gem...