5078 matches found
CVE-2022-1544
Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in GitHub repository luyadev/yii-helpers prior to 1.2.1. Successful exploitation can lead to impacts such as client-side command injection, code execution, or remote exfiltration of contained...
Command injection
Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in GitHub repository luyadev/yii-helpers prior to 1.2.1. Successful exploitation can lead to impacts such as client-side command injection, code execution, or remote exfiltration of contained...
CVE-2022-1544 Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in luyadev/yii-helpers
Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in GitHub repository luyadev/yii-helpers prior to 1.2.1. Successful exploitation can lead to impacts such as client-side command injection, code execution, or remote exfiltration of contained...
CVE-2022-1544
CVE-2022-1544 affects the GitHub project luyadev/yii-helpers prior to 1.2.1. The vulnerability is a CSV/Formula Injection caused by improper neutralization of formula elements in CSV files exported by the library’s Export/CSV path. The practical impact, as stated across sources, includes client-s...
CVE-2021-41161
Combodo iTop is a web-based IT Service Management tool. In versions prior to 3.0.0-beta6 the export CSV page doesn't properly escape the user-supplied parameters, allowing for JavaScript injection into rendered CSV files. Users are advised to upgrade. There are no known workarounds for this issue...
Code injection
Combodo iTop is a web-based IT Service Management tool. In versions prior to 3.0.0-beta6 the export CSV page doesn't properly escape the user-supplied parameters, allowing for JavaScript injection into rendered CSV files. Users are advised to upgrade. There are no known workarounds for this issue...
CVE-2021-41161 XSS in csvimport in 3.0.0-beta versions
Combodo iTop is a web-based IT Service Management tool. In versions prior to 3.0.0-beta6 the export CSV page doesn't properly escape the user-supplied parameters, allowing for JavaScript injection into rendered CSV files. Users are advised to upgrade. There are no known workarounds for this issue...
Combodo iTop cross-site scripting vulnerability
Combodo iTop is an open-source, ITIL-based web application from the French company Combodo for the daily operation of IT environments. The program provides incident management, configuration management and problem management. A security vulnerability exists in Combodo iTop that allows...
CVE-2022-29315
Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page, if the Export CSV feature is used...
Input validation
Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page, if the Export CSV feature is used...
CVE-2022-29315
CVE-2022-29315 : Invicti Acunetix before 14 is affected by a CSV injection vulnerability. The issue arises when exporting CSV and using the Description field on the Add Targets page, allowing injection into exported files. The CVSSv3.1 base score is 8.8 (HIGH) with network attack, no privileges r...
Invicti Acunetix security vulnerability
Invicti Acunetix is an application security testing tool from Invicti Corporation, USA, designed to help small and medium-sized organizations around the world take control of their network security. Invicti Acunetix has a security vulnerability that allows CSV injection by adding a description...
CVE-2021-23286
Eaton Intelligent Power Manager Infrastructure IPM Infrastructure version 1.5.0plus205 and all prior versions are vulnerable to CSV Formula Injection. This issue affects: Eaton Intelligent Power Manager Infrastructure IPM Infrastructure all version 1.5.0plus205 and prior versions...
Design/Logic Flaw
Eaton Intelligent Power Manager Infrastructure IPM Infrastructure version 1.5.0plus205 and all prior versions are vulnerable to CSV Formula Injection. This issue affects: Eaton Intelligent Power Manager Infrastructure IPM Infrastructure all version 1.5.0plus205 and prior versions...
CVE-2021-23286 Security issues in Eaton Intelligent Power Manager Infrastructure
Eaton Intelligent Power Manager Infrastructure IPM Infrastructure version 1.5.0plus205 and all prior versions are vulnerable to CSV Formula Injection. This issue affects: Eaton Intelligent Power Manager Infrastructure IPM Infrastructure all version 1.5.0plus205 and prior versions...
CVE-2021-23286
CVE-2021-23286 affects Eaton’s IPM Infrastructure (IPM Infrastructure), across all versions up to 1.5.0plus205. The connected ICS/IR sources confirm a vulnerability in CSV formula handling (CSV Formula Injection) due to improper sanitization of imported CSV files. Exploitation requires access to ...