CVE-2021-24708 WP All Export < 1.3.1 - Admin+ Stored Cross-Site Scripting
The Export any WordPress data to XML/CSV WordPress plugin before 1.3.1 does not escape its Export's Name before outputting it in Manage Exports settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2021-24708
The CVE-2021-24708 entry corresponds to the WordPress plugin “Export any WordPress data to XML/CSV” (pre-1.3.1) and describes a stored Cross-Site Scripting (XSS) vulnerability in the Manage Exports UI: the plugin does not escape the Export name before output, enabling high-privilege users to trig...
[SECURITY] Fedora 33 Update: rpki-client-7.4-1.fc33
The OpenBSD rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure (RPKI) for Relying Parties (RP) to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system, downloads and validates Route Origin Authorisatio...
[SECURITY] Fedora 34 Update: rpki-client-7.4-1.fc34
The OpenBSD rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure (RPKI) for Relying Parties (RP) to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system, downloads and validates Route Origin Authorisatio...
WordPress Connections Business Directory plugin CSV injection vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Connections Business Directory plugin versions before 9.7 have a CSV injection vulnerability, which stem...
CVE-2021-40848
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command, leading to execution of a malicious string locally on a device, aka CSV injection...
CVE-2021-40848
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command, leading to execution of a malicious string locally on a device, aka CSV injection...
Input validation
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command, leading to execution of a malicious string locally on a device, aka CSV injection...
CVE-2021-40848
Summary: CVE-2021-40848 affects Mahara. Exports in Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0 may produce CSV files containing characters that a spreadsheet can interpret as commands, enabling execution of a malicious string locally on a device (CSV injection). Root cause: crafted conte...
CVE-2021-40848
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command, leading to execution of a malicious string locally on a device, aka CSV injection...
Catalyst It Ltd Mahara Cms Security Vulnerability
Catalyst It Ltd Mahara Cms is a fully featured electronic portfolio, blog, resume builder and social networking system from Catalyst It Ltd in New Zealand. Used to connect users and create online communities. A security vulnerability exists in Catalyst It Ltd Mahara Cms that stems from an exporte...
CVE-2020-36503
The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some connections' fields, which could lead to a CSV injection issue...
CVE-2020-36503
The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some connections' fields, which could lead to a CSV injection issue...
Design/Logic Flaw
The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some connections' fields, which could lead to a CSV injection issue...
CVE-2020-36503
The CVE concerns the WordPress Connections Business Directory plugin prior to version 9.7, where some connection fields are not validated or sanitized, enabling CSV injection. The issue is documented as a CSV injection vulnerability with a high impact potential (CVSS v3.1: 8.0, HIGH; v2.0: 6.0, M...
CVE-2020-36503 Connections Business Directory < 9.7 - Admin+ CSV Injection
The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some connections' fields, which could lead to a CSV injection issue...
PeTeReport - An Open-Source Application Vulnerability Reporting Tool
PeTeReport (PenTest Report) is an open-source application vulnerability reporting tool designed to assist pentesting/redteaming efforts by simplifying the task of writing and generating reports. Focused on product security, the tool helps security researchers and pentesters to provide detaile...
CVE-2021-37131
There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this...
Input validation
There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this...
CVE-2021-37131
There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this...