3 matches found
CVE-2022-26867
PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet...
Design/Logic Flaw
PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet...
CVE-2022-26867
Dell PowerStore (SW v2.1.1.0) allows exporting data to CSV/XLSX without validation or sanitization. A malicious, authenticated user can inject payloads that spreadsheet applications may interpret as formulas when opening the exported file. This is a formula-injection risk in data export functiona...