5079 matches found

RedhatCVE
added 2025/05/22 9:36 p.m. | 10 views

CVE-2021-43515

CSV Injection (aka Excel Macro Injection or Formula Injection) exists in creating new timesheet in Kimai. By filling the Description field with malicious payload, it will be mistreated while exporting to a CSV file...

CVSS 7.8 | AI score 7.1 | EPSS 0.00999
Exploits: 0

RedhatCVE
added 2025/05/22 9:25 p.m. | 5 views

CVE-2021-38963

IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on t...

CVSS 8 | AI score 7.7 | EPSS 0.00585
Exploits: 0

RedhatCVE
added 2025/05/22 8:59 p.m. | 4 views

CVE-2021-20735

Cross-site scripting vulnerability in ETUNA EC-CUBE plugins Delivery slip number plugin 3.0 series 1.0.10 and earlier, Delivery slip number csv bulk registration plugin 3.0 series 1.0.8 and earlier, and Delivery slip number mail plugin 3.0 series 1.0.8 and earlier allows remote attackers to injec...

CVSS 6.1 | AI score 6.6 | EPSS 0.01121
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 8:50 p.m. | 5 views

CVE-2021-4422

The POST SMTP Mailer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.20. This is due to missing or incorrect nonce validation on the handleCsvExport function. This makes it possible for unauthenticated attackers to trigger a CSV export via a...

CVSS 4.3 | AI score 5.9 | EPSS 0.00541
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 8:50 p.m. | 6 views

CVE-2021-4377

The Doneren met Mollie plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.8.5 via the dmmexportdonations function which is called via the adminpostdmmexport hook due to missing capability checks. This can allow authenticated attackers to extract a CS...

CVSS 6.5 | AI score 5.9 | EPSS 0.01041
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 8:34 p.m. | 6 views

CVE-2021-38180

SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data export. An attacker could thereby execute arbitrary commands on the victim's computer but only if the victim allows to execute macros while...

CVSS 9.8 | AI score 6 | EPSS 0.01987
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 7:44 p.m. | 7 views

CVE-2021-32263

ok-file-formats through 2021-04-29 has a heap-based buffer overflow in the okcsvcircularbufferread function in okcsv.c...

CVSS 7.8 | AI score 7.5 | EPSS 0.00868
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 7:43 p.m. | 4 views

CVE-2021-3188

phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports...

CVSS 10 | AI score 6.8 | EPSS 0.01788
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 7:29 p.m. | 9 views

CVE-2021-27020

Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export...

CVSS 8.8 | AI score 6.9 | EPSS 0.01066
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 7:23 p.m. | 6 views

CVE-2021-24812

The BetterLinks WordPress plugin before 1.2.6 does not sanitise and escape some of the imported link fields, which could lead to Stored Cross-Site Scripting issues when an admin imports a malicious CSV...

CVSS 5.4 | AI score 5.8 | EPSS 0.00604
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/22 7:20 p.m. | 7 views

CVE-2021-24144

Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files...

CVSS 7.8 | AI score 6.9 | EPSS 0.01244
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 6:54 p.m. | 7 views

CVE-2021-45686

An issue was discovered in the csv-sniffer crate through 2021-01-05 for Rust. preambleskipcount may read from uninitialized memory locations...

CVSS 9.8 | AI score 6.8 | EPSS 0.01191
Exploits: 0

RedhatCVE
added 2025/05/22 6:47 p.m. | 9 views

CVE-2021-41390

In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection...

CVSS 8 | AI score 6.8 | EPSS 0.01074
Exploits: 1

RedhatCVE
added 2025/05/22 6:33 p.m. | 5 views

CVE-2021-32472

Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6 and 3.8 to 3.8.8 are affected...

CVSS 4.3 | AI score 6.6 | EPSS 0.00743
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 6:23 p.m. | 9 views

CVE-2021-24441

The Sign-up Sheets WordPress plugin before 1.0.14 does not sanitise or validate the Sheet title when generating the CSV to export, which could lead to a CSV injection issue...

CVSS 8 | AI score 7 | EPSS 0.01308
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/22 6:21 p.m. | 9 views

CVE-2021-22771

A CWE-1236: Improper Neutralization of Formula Elements in a CSV File vulnerability exists in Easergy T300 with firmware V2.7.1 and older that would allow arbitrary command execution...

CVSS 7.3 | AI score 7.3 | EPSS 0.01145
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 6:18 p.m. | 7 views

CVE-2021-21302

PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 there is a CSV Injection vulnerability possible by using shop search keywords via the admin panel. The problem is fixed in 1.7.7.2...

CVSS 7.2 | AI score 7.1 | EPSS 0.01374
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 5:52 p.m. | 12 views

CVE-2020-16214

In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software saves user-provided information into a comma-separated value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadshee...

CVSS 5.8 | AI score 5.5 | EPSS 0.00591
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 5:45 p.m. | 8 views

CVE-2020-29304

A cross-site scripting (XSS) vulnerability exists in the SabaiApps WordPress Directories Pro plugin version 1.3.45 and previous, allows attackers who have convinced a site administrator to import a specially crafted CSV file to inject arbitrary web script or HTML as the victim is proceeding through...

CVSS 6.1 | AI score 5.4 | EPSS 0.05483
Exploits: 3

RedhatCVE
added 2025/05/22 5:44 p.m. | 9 views

CVE-2020-14026

CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in a CSV export...

CVSS 9.3 | AI score 7.2 | EPSS 0.01732
Exploits: 1