5059 matches found
CVE-2023-25983
Improper Neutralization of Formula Elements in a CSV File vulnerability in WPOmnia KB Support. This issue affects KB Support: from n/a through 1.5.84...
CVE-2023-31294
CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6 718, allows remote attackers to obtain sensitive information via the Delivery Name field...
CVE-2021-27839
A CSV injection vulnerability found in Online Invoicing System OIS 4.3 and below can be exploited by users to perform malicious actions such as redirecting admins to unknown or harmful websites, or disclosing other clients' details that the user did not have access to...
CVE-2016-10762
The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV injection when the export tool is used...
CVE-2016-10943
The zx-csv-upload plugin 1 for WordPress has SQL injection via the id parameter...
CVE-2025-23113
An issue was discovered in REDCap 14.9.6. It has an action=myprojects=1 CSRF issue in the alert-title while performing an upload of a CSV file containing a list of alert configuration. An attacker can send the victim a CSV file containing an HTML injection payload in the alert-title. Once the...
CVE-2022-38702
Improper Neutralization of Formula Elements in a CSV File vulnerability in Nakashima Masahiro WP CSV Exporter. This issue affects WP CSV Exporter: from n/a through 2.0...
CVE-2022-38845
Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in victim's browser via sending crafted csv file containing malicious JavaScript to authenticated user. Any authenticated user importing the crafted CSV file may end up running the malicious...
CVE-2022-23868
RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx log file...
CVE-2022-42882
Improper Neutralization of Formula Elements in a CSV File vulnerability in Shambix Simple CSV/XLS Exporter. This issue affects Simple CSV/XLS Exporter: from n/a through 1.5.8...
CVE-2022-42037
The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0...
CVE-2022-37786
An issue was discovered in WeCube Platform 3.2.2. There are multiple CSV injection issues: the Home / Admin / Resources page, the Home / Admin / System Params page, and the Home / Design / Basekey Configuration page...
CVE-2022-0142
The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, leading to possible code execution...
CVE-2022-0892
The Export All URLs WordPress plugin before 4.2 does not sanitise and escape the CSV filename before outputting it back in the page, leading to a Reflected Cross-Site Scripting...
CVE-2022-26249
Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack...
CVE-2017-18900
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows CSV injection via a compliance report...
CVE-2019-11537
In osTicket before 1.12, XSS exists via /upload/file.php, /upload/scp/users.php?do=import-users, and /upload/scp/ajax.php/users/import if an agent manager user uploads a crafted .csv file to the User Importer, because file contents can appear in an error message. The XSS can lead to local file...
CVE-2019-20184
KeePass 2.4.1 allows CSV injection in the title field of a CSV export...
CVE-2019-20385
The CSV upload feature in /supervisor/procesacarga.php on Logaritmo Aware CallManager 2012 devices allows upload of .php files with a text/ content type. The PHP code can then be executed by visiting a /supervisor/csv/ URI...
CVE-2020-12468
Subrion CMS 4.2.1 allows CSV injection via a phrase value within a language. This is related to phrases/add/ and languages/download/...