5080 matches found
CVE-2022-28481
CVE-2022-28481 affects the CSV-Safe Ruby gem prior to 3.0.0, which does not filter out characters that can trigger CSV/Formula Injection in exported CSV files. This is supported by multiple sources (e.g., Red Hat advisory, RubySec/RUBYGEMS notes, OSV/NVD records). Affected component: CSV-Safe gem...
CVE-2022-28481
CSV-Safe gem 3.0.0 doesn't filter out special characters which could trigger CSV Injection...
CVE-2022-1544
Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in GitHub repository luyadev/yii-helpers prior to 1.2.1. Successful exploitation can lead to impacts such as client-sided command injection, code execution, or remote ex-filtration of contained...
Command injection
Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in GitHub repository luyadev/yii-helpers prior to 1.2.1. Successful exploitation can lead to impacts such as client-sided command injection, code execution, or remote ex-filtration of contained...
CVE-2022-1544 Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in luyadev/yii-helpers
Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in GitHub repository luyadev/yii-helpers prior to 1.2.1. Successful exploitation can lead to impacts such as client-sided command injection, code execution, or remote ex-filtration of contained...
CVE-2022-1544 Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in luyadev/yii-helpers
Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in GitHub repository luyadev/yii-helpers prior to 1.2.1. Successful exploitation can lead to impacts such as client-sided command injection, code execution, or remote ex-filtration of contained...
CVE-2022-1544
CVE-2022-1544 affects the GitHub project luyadev/yii-helpers prior to 1.2.1. The vulnerability is a CSV/Formula Injection caused by improper neutralization of formula elements in CSV files exported by the library’s Export/CSV path. The practical impact, as stated across sources, includes client-s...
CVE-2021-41161
Combodo iTop is a web based IT Service Management tool. In versions prior to 3.0.0-beta6 the export CSV page don't properly escape the user supplied parameters, allowing for javascript injection into rendered csv files. Users are advised to upgrade. There are no known workarounds for this issue...
Code injection
Combodo iTop is a web based IT Service Management tool. In versions prior to 3.0.0-beta6 the export CSV page don't properly escape the user supplied parameters, allowing for javascript injection into rendered csv files. Users are advised to upgrade. There are no known workarounds for this issue...
CVE-2021-41161 XSS in csvimport in 3.0.0-beta versions
Combodo iTop is a web based IT Service Management tool. In versions prior to 3.0.0-beta6 the export CSV page don't properly escape the user supplied parameters, allowing for javascript injection into rendered csv files. Users are advised to upgrade. There are no known workarounds for this issue...
Combodo iTop 跨站脚本漏洞
Combodo iTop is a French company Combodo ITIL-based development and for the daily operation of the IT environment of open source Web applications. The program provides incident management, configuration management and problem management. A security vulnerability exists in Combodo iTop that allows...
CVE-2022-29315
Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page, if the Export CSV feature is used...
CVE-2022-29315
Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page, if the Export CSV feature is used...
CVE-2022-29315
Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page, if the Export CSV feature is used...
Input validation
Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page, if the Export CSV feature is used...
CVE-2022-29315
CVE-2022-29315 : Invicti Acunetix before 14 is affected by a CSV injection vulnerability. The issue arises when exporting CSV and using the Description field on the Add Targets page, allowing injection into exported files. The CVSSv3.1 base score is 8.8 (HIGH) with network attack, no privileges r...
CVE-2022-29315
Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page, if the Export CSV feature is used...
Invicti Acunetix 安全漏洞
Invicti Acunetix is an application security testing tool from Invicti Corporation, USA. designed to help small and medium-sized organizations around the world take control of their network security. Invicti Acunetix has a security vulnerability that allows CSV injection by adding a description...
CVE-2021-23286
Eaton Intelligent Power Manager Infrastructure IPM Infrastructure version 1.5.0plus205 and all prior versions are vulnerable to CSV Formula Injection. This issue affects: Eaton Intelligent Power Manager Infrastructure IPM Infrastructure all version 1.5.0plus205 and prior versions...
Design/Logic Flaw
Eaton Intelligent Power Manager Infrastructure IPM Infrastructure version 1.5.0plus205 and all prior versions are vulnerable to CSV Formula Injection. This issue affects: Eaton Intelligent Power Manager Infrastructure IPM Infrastructure all version 1.5.0plus205 and prior versions...