4 matches found
CSV Injection
Overview Affected versions of this package are vulnerable to CSV Injection via the escapeCsv function, which fails to neutralize formula-triggering prefixes in user-controlled fields when exporting data to CSV format. An attacker can cause arbitrary formula execution or data exfiltration by...
CVE-2019-14749
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV aka Formula injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab, and...
Design/Logic Flaw
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV aka Formula injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab, and...
[SECURITY] Fedora 22 Update: drupal7-webform-4.7-1.fc22
Webform is the module for making surveys in Drupal. After a submission, users may be sent an e-mail "receipt" as well as sending a notification to administrators. Results can be exported into Excel or other spreadsheet applications. Webform also provides some basic statistical review and has and...