WordPress WS Form Pro plugin <= 1.9.217 - Unauthenticated CSV Injection vulnerability
Unauthenticated CSV Injection vulnerability discovered by Duc Manh in WordPress Plugin WS Form Pro versions <= 1.9.217...
WordPress WS Form Pro Plugin <= 1.9.217 is vulnerable to CSV Injection
Software: WS Form Pro; Type: Plugin; Vulnerable versions: <= 1.9.217; Fixed in: 1.9.218; OWASP Top 10: A1: Injection; Classification: CSV Injection; CVE: CVE-2023-5424; Patch priority: Low; CVSS severity: Low 4.7; PSID: b17414acaf13; Credits: Duc Manh; Required privilege: Unauthenticated...
WordPress WS Form LITE Plugin <= 1.9.217 is vulnerable to CSV Injection
Software: WS Form LITE; Type: Plugin; Vulnerable versions: <= 1.9.217; Fixed in: 1.9.218; OWASP Top 10: A1: Injection; Classification: CSV Injection; CVE: CVE-2023-5424; Patch priority: Low; CVSS severity: Low 4.7; Developer: WS Form; PSID: 7d55c6663718; Credits: Duc Manh; Required privilege: Unauthenticated; Published: 7...
WS Form LITE <= 1.9.217 - Unauthenticated CSV Injection
Description The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.9.217. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a...
PT-2024-24507 · Tenable · Tenable Identity Exposure
Name of the Vulnerable Software and Affected Versions: Tenable Identity Exposure affected versions not specified Description: A formula injection issue exists, allowing an authenticated remote attacker with administrative privileges to manipulate application form fields. This could trick another...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware
CVE-2024-24919-Sniper
GHSA-MQJC-X563-C9Q8 silverstripe/framework CSV Excel Macro Injection
In the CSV export feature of the CMS it's possible for the output to contain macros and scripts, which if imported without sanitisation into software including Microsoft Excel may be executed. In order to safeguard against this threat all potentially executable cell values exported from CSV will ...
silverstripe/framework CSV Excel Macro Injection
In the CSV export feature of the CMS it's possible for the output to contain macros and scripts, which if imported without sanitisation into software including Microsoft Excel may be executed. In order to safeguard against this threat all potentially executable cell values exported from CSV will ...
CSV Injection
Ghost is vulnerable to CSV Injection. The vulnerability is due to inadequate input sanitization during member CSV export, allowing malicious content to be injected into CSV files, and executed when opened by a spreadsheet application...
CVE-2024-4895
The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CSV import functionality in all versions up to, and including, 3.4.2.12 due to insufficient input sanitization and output escaping. This makes it...
CVE-2024-4895 wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin <= 3.4.2.12 - Unauthenticated Stored Cross-Site Scripting via CSV Import
The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CSV import functionality in all versions up to, and including, 3.4.2.12 due to insufficient input sanitization and output escaping. This makes it...
CVE-2024-4895
CVE-2024-4895 affects the WordPress plugin WPDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin up to version 3.4.2.12. It is a Stored Cross-Site Scripting vulnerability via the CSV import functionality, allowing unauthenticated attackers to inject scripts that execute when u...
GHSA-XGWH-CGV9-783V Ghost allows CSV Injection during member CSV export
Ghost before 5.82.0 allows CSV Injection during a member CSV export...
7ghost (>=4.11.0 <=4.11.46), @igames/ghost (>=3.41.6 <=4.0.0-alpha.2) +5 more potentially affected by CVE-2024-34448 via @tryghost/members-csv (>=0.1.2 <=1.2.3)
@tryghost/members-csv NPM version =0.1.2, =4.11.0, =3.41.6, =0.1.0, =3.21.0, =5.4.1 - nshakhatghost =4.17.1 Source cves: CVE-2024-34448 Source advisory: OSV:GHSA-XGWH-CGV9-783V...
Ghost allows CSV Injection during member CSV export
Ghost before 5.82.0 allows CSV Injection during a member CSV export...
CVE-2024-34448
Ghost before 5.82.0 allows CSV Injection during a member CSV export...