Lucene search
+L

4 matches found

Snyk
Snyk
added 2026/06/22 9:42 p.m.5 views

CSV Injection

Overview Affected versions of this package are vulnerable to CSV Injection via the escapeCsv function, which fails to neutralize formula-triggering prefixes in user-controlled fields when exporting data to CSV format. An attacker can cause arbitrary formula execution or data exfiltration by...

4.6CVSS6.2AI score0.00188EPSS
Exploits0References2
OSV
OSV
added 2019/08/07 5:15 p.m.18 views

CVE-2019-14749

An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV aka Formula injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab, and...

8.8CVSS7AI score
Exploits0References5
Prion
Prion
added 2019/08/07 5:15 p.m.23 views

Design/Logic Flaw

An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV aka Formula injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab, and...

6.8CVSS8.7AI score0.09612EPSS
Exploits4References5Affected Software1
Fedora
Fedora
added 2015/04/21 7:1 p.m.17 views

[SECURITY] Fedora 22 Update: drupal7-webform-4.7-1.fc22

Webform is the module for making surveys in Drupal. After a submission, users may be sent an e-mail "receipt" as well as sending a notification to administrators. Results can be exported into Excel or other spreadsheet applications. Webform also provides some basic statistical review and has and...

2.8AI score
Exploits0
Rows per page
Query Builder