5078 matches found
CVE-2020-5299
In OctoberCMS october/october composer package versions from 1.0.319 and before 1.0.466, any users with the ability to modify any data that could eventually be exported as a CSV file from the ImportExportController could potentially introduce a CSV injection into the data to cause the generated C...
CVE-2020-5299
In OctoberCMS october/october composer package versions from 1.0.319 and before 1.0.466, any users with the ability to modify any data that could eventually be exported as a CSV file from the ImportExportController could potentially introduce a CSV injection into the data to cause the generated C...
CVE-2020-5298
In OctoberCMS october/october composer package versions from 1.0.319 and before 1.0.466, a user with the ability to use the import functionality of the ImportExportController behavior can be socially engineered by an attacker to upload a maliciously crafted CSV file which could result in a...
Design/Logic Flaw
In OctoberCMS october/october composer package versions from 1.0.319 and before 1.0.466, any users with the ability to modify any data that could eventually be exported as a CSV file from the ImportExportController could potentially introduce a CSV injection into the data to cause the generated C...
Design/Logic Flaw
In OctoberCMS october/october composer package versions from 1.0.319 and before 1.0.466, a user with the ability to use the import functionality of the ImportExportController behavior can be socially engineered by an attacker to upload a maliciously crafted CSV file which could result in a...
CVE-2020-5299 Potential CSV Injection vector in OctoberCMS
In OctoberCMS october/october composer package versions from 1.0.319 and before 1.0.466, any users with the ability to modify any data that could eventually be exported as a CSV file from the ImportExportController could potentially introduce a CSV injection into the data to cause the generated C...
CVE-2020-5299
OctoberCMS (composer package october/october) versions 1.0.319–1.0.465 are vulnerable to CSV injection via data that can be exported through the ImportExportController. The root cause is data that can be controlled by an attacker being exported and then opened in vulnerable spreadsheet software, ...
GHSA-4RHM-M2FP-HX7Q Potential CSV Injection vector in OctoberCMS
Impact Any users with the ability to modify any data that could eventually be exported as a CSV file from the ImportExportController could potentially introduce a CSV injection into the data to cause the generated CSV export file to be malicious. This requires attackers to achieve the following...
Potential CSV Injection vector in OctoberCMS
Impact Any users with the ability to modify any data that could eventually be exported as a CSV file from the ImportExportController could potentially introduce a CSV injection into the data to cause the generated CSV export file to be malicious. This requires attackers to achieve the following...
GHSA-GG6X-XX78-448C Reflected XSS when importing CSV in OctoberCMS
Impact A user with the ability to use the import functionality of the ImportExportController behavior could be socially engineered by an attacker to upload a maliciously crafted CSV file which could result in a reflected XSS attack on the user in question Patches Issue has been patched in Build 4...
Reflected XSS when importing CSV in OctoberCMS
Impact A user with the ability to use the import functionality of the ImportExportController behavior could be socially engineered by an attacker to upload a maliciously crafted CSV file which could result in a reflected XSS attack on the user in question Patches Issue has been patched in Build 4...
CVE-2020-5298 Reflected XSS when importing CSV in OctoberCMS
In OctoberCMS october/october composer package versions from 1.0.319 and before 1.0.466, a user with the ability to use the import functionality of the ImportExportController behavior can be socially engineered by an attacker to upload a maliciously crafted CSV file which could result in a...
Bing-Ip2Hosts - Bingip2Hosts Is A Bing.com Web Scraper That Discovers Websites By IP Address
Bing-ip2hosts is a Bing.com web scraper to discover hostnames by IP address. Description Bing-ip2hosts is a Bing.com web scraper that discovers hostnames by IP address. Bing is the flagship Microsoft search engine formerly known as MSN Search and Live Search. It provides a feature unique to searc...
WordPress Connections Business Directory plugin <= 9.6 - CSV Injection vulnerability
CSV Injection vulnerability discovered by Rudra Sarkar in WordPress Connections Business Directory plugin versions = 9.6. Solution Update the WordPress Connections Business Directory plugin to the latest available version at least 9.7...
Faraday v3.11 - Collaborative Penetration Test and Vulnerability Management Platform
This new release brings strong improvements to your security team’s daily performance , allowing them to operate quicker and smarter by increasing accessibility and stabilizing usual functionality. Major enhancements are focused on providing global visualization of findings , improvements on our...
CVE-2020-13146
Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in CourseInstructorCohorts may contain a formula that is exported via the "CourseData DownloadsReportsDownload profile info" feature...
Input validation
Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in CourseInstructorCohorts may contain a formula that is exported via the "CourseData DownloadsReportsDownload profile info" feature...
CVE-2020-13146
Open edX Ironwood 2.5 Studio is affected by a CSV injection vulnerability. The issue arises when an added cohort in Course > Instructor > Cohorts may contain a formula that is exported through Course > Data Downloads > Reports > Download profile info, allowing injection in exported...
CVE-2020-13146
Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in CourseInstructorCohorts may contain a formula that is exported via the "CourseData DownloadsReportsDownload profile info" feature...
CSV Injection
subrion is vulnerable to CSV injection. The injection is possible because it does not sanitize a phrase value within a language, which is related to phrases/add/ and languages/download/...