4 matches found
CSV Injection
Overview @actual-app/web is an Actual on the web Affected versions of this package are vulnerable to CSV Injection in the exportToCSV and exportQueryToCSV processes, where user-controlled input from fields such as Payee and Notes is passed to CSV export without neutralizing formula-triggering...
JeeWMS 安全漏洞
JeeWMS is a JAVA-based warehouse management system from China Huayi JeeWMS. A security vulnerability exists in JeeWMS version 20250820, which stems from the exportXls function not handling input correctly, which could lead to an SQL injection attack...
CVE-2022-28700
Authenticated Arbitrary File Creation via Export function vulnerability in GiveWP's GiveWP plugin = 2.20.2 at WordPress...
CVE-2021-46365
An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute XML External Entity attacks via a crafted XLF file...