CVE-2021-41824
Craft CMS before version 3.7.14 is vulnerable to CSV injection via export functionality. The root cause is lack of input sanitization/escaping when exporting data to CSV, allowing crafted input to trigger payloads in CSV readers (e.g., Excel). Affected software is Craft CMS (core) with CSV export...