Lucene search
K

5079 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 3:32 p.m.12 views

CVE-2020-36308

Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries...

5.3CVSS6.7AI score0.00971EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:27 p.m.6 views

CVE-2020-28848

CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute arbitrary code via crafted CSV file...

8.8CVSS8.2AI score0.00948EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:27 p.m.7 views

CVE-2020-28845

A CSV injection vulnerability in the Admin portal for Netskope 75.0 allows an unauthenticated user to inject malicious payload in admin's portal thus leads to compromise admin's system...

9.3CVSS7.3AI score0.01117EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:25 p.m.10 views

CVE-2020-27358

An issue was discovered in REDCap 8.11.6 through 9.x before 10. The messenger's CSV feature that allows users to export their conversation threads as CSV allows non-privileged users to export one another's conversation threads by changing the threadid parameter in the request to the endpoint...

4.3CVSS6.8AI score0.02031EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:22 p.m.6 views

CVE-2020-25445

The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. The input containing the excel formula is not being sanitized by the application. As a result when admin in backend download and open the csv, content of the cells are executed...

7.8CVSS7.2AI score0.00898EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:21 p.m.17 views

CVE-2020-25398

CSV Injection exists in InterMind iMind Server through 3.13.65 via the csv export functionality...

8.8CVSS7.3AI score0.01978EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 1:26 p.m.6 views

CVE-2018-16275

OPSWAT MetaDefender before v4.11.2 allows CSV injection...

7.8CVSS7AI score0.00948EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:14 a.m.9 views

CVE-2019-11872

The Hustle aka wordpress-popup plugin 6.0.7 for WordPress is vulnerable to CSV Injection as it allows for injecting malicious code into a pop-up window. Successful exploitation grants an attacker with a right to execute malicious code on the administrator's computer through Excel functions as the...

8.8CVSS7.5AI score0.02238EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:10 a.m.7 views

CVE-2019-20891

WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery CSRF issue with resultant stored cross-site scripting XSS via includes/admin/importers/class-wc-product-csv-importer-controller.php...

8.8CVSS6AI score0.00534EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:6 a.m.8 views

CVE-2019-13144

myTinyTodo 1.3.3 through 1.4.3 allows CSV Injection. This is fixed in 1.5...

9.8CVSS6.8AI score0.01837EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:6 a.m.6 views

CVE-2019-13181

A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7...

6.5CVSS7.2AI score0.03233EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:14 a.m.8 views

CVE-2018-7304

Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack can open a CMD.EXE or Calculator window on the victim machine to perform malicious activity, as demonstrated by an "=cmd|' /C calc'!A0" payload during User Creation...

8.8CVSS7.2AI score0.01269EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:53 a.m.5 views

CVE-2019-9909

The "Donation Plugin and Fundraising Platform" plugin before 2.3.1 for WordPress has wp-admin/edit.php csv XSS...

6.1CVSS7AI score0.0142EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:30 a.m.5 views

CVE-2019-20180

The TablePress plugin 1.9.2 for WordPress allows tablepressdata CSV injection by Editor users. Note: The vendor disputes this issue and argues that this responsibility lies with the application that opens the CSV file and not TablePress...

6.8CVSS7.3AI score0.02326EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:28 a.m.10 views

CVE-2019-12961

LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection in the Export Function...

8.8CVSS7.2AI score0.01389EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:19 a.m.8 views

CVE-2019-0403

SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection...

9.8CVSS7.2AI score0.02089EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:13 a.m.26 views

CVE-2019-15127

REDCap before 9.3.0 allows XSS attacks against non-administrator accounts on the Data Import Tool page via a CSV data import file...

5.4CVSS6AI score0.00531EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:9 a.m.10 views

CVE-2019-15326

The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal...

7.5CVSS7.1AI score0.0232EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:7 a.m.10 views

CVE-2018-7201

CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel...

8.8CVSS7.2AI score0.01292EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:5 a.m.11 views

CVE-2018-19855

UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to the Audit export, Robot log export, and Transaction log export features...

5.5CVSS6.9AI score0.01089EPSS
Exploits1References1
Rows per page
Query Builder