5078 matches found
Design/Logic Flaw
BooleBox Secure File Sharing Utility before 4.2.3.0 allows CSV injection via a crafted user name that is mishandled during export from the activity logs in the Audit Area...
CVE-2020-13247
BooleBox Secure File Sharing Utility before 4.2.3.0 allows CSV injection via a crafted user name that is mishandled during export from the activity logs in the Audit Area...
CVE-2020-13247
BooleBox Secure File Sharing Utility (before 4.2.3.0) is affected by two CVEs in the dataset: CVE-2020-13247 enables CSV injection via a crafted username exported from activity logs in Audit Area; CVE-2020-13248 enables stored XSS via a crafted avatar field in My Account JSON data to Account.aspx...
Cross-site Request Forgery (CSRF)
WooCommerce is vulnerable to cross-site request forgery (CSRF). The attack exists because it does not check the .csv file imports in includes/admin/importers/class-wc-product-csv-importer-controller.php, allowing an attacker to provide malicious inputs and a valid nonce to carry out the attack...
CVE-2019-20891
WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php...
Cross-Site Request Forgery (CSRF)
WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php...
CVE-2019-20891
CVE-2019-20891 affects WooCommerce prior to version 3.6.5. The issue is a cross-site request forgery (CSRF) in the CSV product-import workflow that can lead to stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php. Impact is described as CSRF ...
CVE-2017-18900
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows CSV injection via a compliance report...
Input validation
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows CSV injection via a compliance report...
CVE-2017-18900
Mattermost Server is affected by CSV injection (CVE-2017-18900) in versions prior to 4.1.0, 4.0.4, and 3.10.3, via the compliance report feature. The provided documents indicate the root cause is CSV injection but do not specify exact code paths, vulnerable components, or the fixes/patch version....
March 17, 2020—KB4541332 (Preview of Monthly Rollup)
March 17, 2020—KB4541332 (Preview of Monthly Rollup). Improvements and fixes: This non-security update includes improvements and fixes that were a part of KB4541510 (released March 10, 2020) and also includes these new quality improvements as a preview of the next Monthly Rollup update: No additional...
March 17, 2020—KB4541334 (Preview of Monthly Rollup)
March 17, 2020—KB4541334 (Preview of Monthly Rollup). Improvements and fixes: This non-security update includes improvements and fixes that were a part of KB4541509 (released March 10, 2020) and also includes these new quality improvements as a preview of the next Monthly Rollup update: Addresses an...
June 9, 2020—KB4561612 (Monthly Rollup)
June 9, 2020—KB4561612 (Monthly Rollup). IMPORTANT: We have been evaluating the public health situation, and we understand this is impacting our customers. In response to these challenges, we are prioritizing our focus on security updates. Starting in May 2020, we are pausing all optional non-securit...
June 9, 2020—KB4561673 (Security-only update)
June 9, 2020—KB4561673 (Security-only update). IMPORTANT: We have been evaluating the public health situation, and we understand this is impacting our customers. In response to these challenges, we are prioritizing our focus on security updates. Starting in May 2020, we are pausing all optional...
Cross-Site Scripting (XSS)
OctoberCMS is vulnerable to cross-site scripting (XSS). The attack is possible because it does not sanitize the imported CSV column names (column parameters), and so does not prevent the upload of a malicious CSV file...
CSV Injection
october/october is vulnerable to CSV Injection. The vulnerability exists as it does not sanitize the value of $record in ImportExportController.php...