26 matches found
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the form_to_database extension. An attacker can execute arbitrary scripts in the context of the user's browser by injecting malicious input. Details: Cross-site scripting or XSS is a code vulnerability that occurs...
CVE-2025-10316 Cross-Site Scripting in extension "Form to Database" (form_to_database)
The extension "Form to Database" is susceptible to Cross-Site Scripting. This issue affects the following versions: before 2.2.5, from 3.0.0 before 3.2.2, from 4.0.0 before 4.2.3, from 5.0.0 before 5.0.2...
DEBIAN-CVE-2024-47881
OpenRefine is a free, open source tool for working with messy data. Starting in version 3.4-beta and prior to version 3.8.3, in the database extension, the "enable_load_extension" property can be set for the SQLite integration, enabling an attacker to load local or remote extension DLLs and so run...
UBUNTU-CVE-2024-47881
OpenRefine is a free, open source tool for working with messy data. Starting in version 3.4-beta and prior to version 3.8.3, in the database extension, the "enable_load_extension" property can be set for the SQLite integration, enabling an attacker to load local or remote extension DLLs and so run...
CVE-2024-47881 OpenRefine's SQLite integration allows filesystem access, remote code execution (RCE)
OpenRefine is a free, open source tool for working with messy data. Starting in version 3.4-beta and prior to version 3.8.3, in the database extension, the "enable_load_extension" property can be set for the SQLite integration, enabling an attacker to load local or remote extension DLLs and so run...
CVE-2024-47881
CVE-2024-47881 affects OpenRefine prior to 3.8.3. In the OpenRefine database extension, the enable_load_extension setting for the SQLite integration can be abused to load local or remote extension DLLs, allowing arbitrary code execution on the vulnerable server. Exploitation requires network acce...
OpenRefine's SQLite integration allows filesystem access, remote code execution (RCE)
Summary: In the database extension, the "enable_load_extension" property can be set for the SQLite integration, enabling an attacker to load local or remote extension DLLs and so run arbitrary code on the server. The attacker needs to have network access to the OpenRefine instance. Details: The...
PT-2024-8658 · Unknown +3 · Openrefine +3
Name of the Vulnerable Software and Affected Versions: OpenRefine versions 3.4-beta through 3.8.2 Description: The issue is related to the database extension in OpenRefine, where the "enable load extension" property can be set for the SQLite integration. This allows an attacker to load and execut...
Oracle Linux 9 : php (ELSA-2022-8197)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-8197 advisory. 8.0.20-3 - snmp3 calls using authPriv or authNoPriv immediately return false 2104630 8.0.20-2 - fix patch41 not applied use system nikic/php-parser whe...
SUSE SLES15 Security Update : php8 (SUSE-SU-2022:2303-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2303-1 advisory. - In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like...
WordPress Contact Form 7 to Database Extension plugin 2.10.32 - CSV Injection vulnerability
CSV Injection vulnerability found in WordPress Contact Form 7 to Database Extension plugin version 2.10.32. Vulnerable file ExportToCsvUtf8.php allows remote attackers to inject spreadsheet formulas into CSV files via the contact form. Solution: This plugin has been closed and is no longer availab...
Contact Form 7 to Database Extension 2.10.32 - CSV Injection
Note: The plugin has been closed on WP and moved to Github https://github.com/mdsimpson/contact-form-7-to-database-extension/releases...
Design/Logic Flaw
CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension plugin 2.10.32 for WordPress allows remote attackers to inject spreadsheet formulas into CSV files via the contact form...
CVE-2018-9035
CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension plugin 2.10.32 for WordPress allows remote attackers to inject spreadsheet formulas into CSV files via the contact form...
CVE-2018-9035
CVE-2018-9035 affects the WordPress plugin Contact Form 7 to Database Extension (v2.10.32). The vulnerability is a CSV Injection in ExportToCsvUtf8.php where a column value is printed without validating whether it contains a spreadsheet formula, allowing remote attackers to inject formulas into g...
Wordpress Contact Form 7 to Database Extension Plugin CSV Injection Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, that supports setting up personal blog sites on servers with PHP and MySQL. A CSV injection vulnerability exists in the WordPress Contact Form 7 to Database Extension plugin, which can be exploited by ...
WordPress Plugin Contact Form 7 to Database Extension 2.10.32 - CSV Injection
Exploit Title : Contact Form 7 to Database Extension Wordpress Plugin CSV Injection Date: 23-03-2018 Exploit Author : Stefan Broeder Contact : https://twitter.com/stefanbroeder Vendor Homepage: None Software Link: https://wordpress.org/plugins/contact-form-7-to-database-extension Version: 2.10.32...
Wordpress Contact Form 7 to Database Extension 2.10.32 Plugin - CSV Injection Vulnerability
Exploit for php platform in category web applications Exploit Title : Contact Form 7 to Database Extension Wordpress Plugin CSV Injection Exploit Author : Stefan Broeder Contact : https://twitter.com/stefanbroeder Vendor Homepage: None Software Link:...