5079 matches found
Input validation
SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel CSV injection due to improper sanitation during the data export. An attacker could thereby execute arbitrary commands on the victim's computer but only if the victim allows to execute macros while...
CVE-2021-38180
SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel CSV injection due to improper sanitation during the data export. An attacker could thereby execute arbitrary commands on the victim's computer but only if the victim allows to execute macros while...
CVE-2021-38180
SAP Business One 10.0 is vulnerable to CSV injection during data export. The root cause is improper sanitation of exported data, enabling an attacker to inject formulas in CSV exports. If a victim opens the CSV in Excel with macros enabled and the security settings allow command execution, this c...
October 12, 2021—KB5006728 (Security-only update)
October 12, 2021—KB5006728 Security-only update Summary Learn more about this security update, including improvements and fixes, any known issues, and how to get the update. Important: Windows 7 and Windows Server 2008 R2 have reached the end of mainstream support and are now in extended support...
@questwork/authenticator (>=0.1.0 <=0.1.5), @questwork/qw-service-tools (>=0.0.8 <=0.1.4) +22 more potentially affected by CVE-2021-23561 via comb (>=0.0.6 <=2.0.0)
comb NPM version =0.0.6, =0.1.0, =0.0.8, =0.0.1, =1.0.3, =0.0.1, =0.1.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2 and more Source cves: CVE-2021-23561 Source advisory: SNYK:JS-COMB-1730083...
VMSA-2021-0022:VMware vRealize Log Insight updates address CSV injection vulnerability
Advisory ID: VMSA-2021-0022 CVSSv3 Range: 6.5 Issue Date:2021-10-12 Updated On: 2021-10-12 Initial Advisory CVEs: CVE-2021-22035 Synopsis: VMware vRealize Log Insight updates address CSV injection vulnerability CVE-2021-22035 RSS Feed Download PDF Download Text File Share this page on social medi...
CVE-2021-41128
Hygeia is an application for collecting and processing personal and case data in connection with communicable diseases. In affected versions all CSV Exports Statistics & BAG MED contain a CSV Injection Vulnerability. Users of the system are able to submit formula as exported fields which then get...
CVE-2021-41128
Hygeia is an application for collecting and processing personal and case data in connection with communicable diseases. In affected versions all CSV Exports Statistics & BAG MED contain a CSV Injection Vulnerability. Users of the system are able to submit formula as exported fields which then get...
Input validation
Hygeia is an application for collecting and processing personal and case data in connection with communicable diseases. In affected versions all CSV Exports Statistics & BAG MED contain a CSV Injection Vulnerability. Users of the system are able to submit formula as exported fields which then get...
Denial of Service (DoS) in mongo-express
All versions of package mongo-express are vulnerable to Denial of Service DoS when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash...
CVE-2021-41128 CSV Injection Vulnerability in Hygeia
Hygeia is an application for collecting and processing personal and case data in connection with communicable diseases. In affected versions all CSV Exports Statistics & BAG MED contain a CSV Injection Vulnerability. Users of the system are able to submit formula as exported fields which then get...
CVE-2021-41128
Hygeia CSV Exports (Statistics & BAG MED) are vulnerable to CSV injection due to lack of validation/sanitization of formula fields in affected versions. Malicious input in exported fields can be executed when ingested. The issue has been fixed in version 1.30.4; upgrading is advised. No workaroun...
GHSA-XRPJ-F9V6-2332 CSV injection in Craft CMS
Withdrawn Duplicate of GHSA-h7vq-5qgw-jwwq...
CSV Injection
craftcms/cms is vulnerable to CSV injection. Lack of some sanity/escaping check prior to inserting the data to the CSV document allows an attacker to inject malicious input...
GHSA-663J-RJCR-789F CSV injection in shuup
“Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. A customer can inject payloads in the name input field in the billing address while buying a product. When a store administrator accesses the reports page to export the data as an Excel file and...
CSV injection in shuup
“Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. A customer can inject payloads in the name input field in the billing address while buying a product. When a store administrator accesses the reports page to export the data as an Excel file and...
CVE-2021-24016
An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in policy name, when exported as excel file and opened unsafely on the victim host...
CVE-2021-24016
An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in policy name, when exported as excel file and opened unsafely on the victim host...
CVE-2021-24016
An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in policy name, when exported as excel file and opened unsafely on the victim host...
CVE-2021-24016
An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in policy name, when exported as excel file and opened unsafely on the victim host...