
25 matches found

Snyk
added 2026/04/15 9:26 p.m. | 1 views

Cross-site Scripting (XSS)

Overview: apostrophe is a content management system (CMS) for Node.js. It supports in-context editing, schema-driven content types, flexible widgets and a great deal more. This module contains everything necessary to build a website with ApostropheCMS. Affected versions of this package are vulnerabl...

CVSS 6.1 | AI score 5.6 | EPSS 0.00014
Exploits: 1 | References: 2
Tenable Nessus
added 2026/03/04 12:0 a.m. | 2 views

SUSE SLES15 / openSUSE 15 Security Update : python312 (SUSE-SU-2026:0644-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0644-1 advisory. - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable...

CVSS 6 | AI score 7.2 | EPSS 0.00205
Exploits: 0 | References: 19
Cvelist
added 2026/01/28 5:35 p.m. | 29 views

CVE-2020-36962 Tendenci 12.3.1 - CSV/ Formula Injection

Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary command execution when...

CVSS 9.8 | EPSS 0.00347
Exploits: 1 | References: 4
Vulnrichment
added 2026/01/27 3:23 p.m. | 3 views

CVE-2021-47901 dirsearch 0.4.1 - CSV Injection

Dirsearch 0.4.1 contains a CSV injection vulnerability when using the --csv-report flag that allows attackers to inject formulas through redirected endpoints. Attackers can craft malicious server redirects with comma-separated paths containing Excel formulas to manipulate the generated CSV report...

CVSS 9.8 | AI score 5.9 | EPSS 0.00087
Exploits: 0 | References: 3
Cvelist
added 2026/01/20 9:26 p.m. | 11 views

CVE-2026-0865 wsgiref.headers.Headers allows header newline injection

User-controlled header names and values containing newlines can allow injecting HTTP headers...

CVSS 5.9 | EPSS 0.0017
Exploits: 0 | References: 15
CNNVD
added 2025/11/28 12:0 a.m. | 3 views

HCL Unica Security Vulnerability

HCL Unica is an enterprise-level marketing automation and campaign management platform from HCL India. A security vulnerability exists in HCL Unica version 12.0.0 that stems from vulnerability to CSV formula injection attacks...

CVSS 7.5 | AI score 7.1 | EPSS 0.00052
Exploits: 0 | References: 2
CNNVD
added 2025/11/18 12:0 a.m. | 2 views

WordPress plugin Simple User Import Export Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerability...

CVSS 6.6 | AI score 7.7 | EPSS 0.00072
Exploits: 0 | References: 2
Vulnrichment
added 2025/09/08 12:0 a.m. | 1 views

CVE-2025-56267

A CSV injection vulnerability in the /idprofiles endpoint of Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted Excel file...

AI score 7.6 | EPSS 0.00256
Exploits: 1 | References: 3
NVD
added 2025/08/22 5:15 p.m. | 1 views

CVE-2025-55745

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Versions 0.3.0 and prior are vulnerable to CSV injection, also known as formula injection, in the Quick Export feature. This vulnerability allows attackers to inject malicious content into exported...

CVSS 8.8 | EPSS 0.0051
Exploits: 1 | References: 2
Patchstack
added 2025/08/11 10:8 p.m. | 5 views

WordPress AnWP Football Leagues plugin <= 0.16.17 - Authenticated (Administrator+) CSV Injection vulnerability

Authenticated (Administrator+) CSV Injection vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin AnWP Football Leagues versions <= 0.16.17...

CVSS 4.8 | AI score 7 | EPSS 0.00105
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2025/02/20 3:15 p.m. | 1 views

CVE-2023-51313

PHPJabbers Restaurant Booking System v3.0 is vulnerable to CSV injection, which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV fi...

CVSS 8.8 | AI score 5.9
Exploits: 0 | References: 2
Positive Technologies
added 2025/02/20 12:0 a.m. | 3 views

PT-2025-7302 · Phpjabbers · Phpjabbers Bus Reservation System

Name of the Vulnerable Software and Affected Versions: PHPJabbers Bus Reservation System version 1.1 Description: The issue allows an attacker to execute remote code due to insufficient input validation in the Languages section Labels any parameters field in System Options, which is used to...

CVSS 8.8 | AI score 8 | EPSS 0.00147
Exploits: 2 | References: 5
Patchstack
added 2024/06/07 2:15 a.m. | 2 views

WordPress WS Form LITE plugin <= 1.9.217 - Unauthenticated CSV Injection vulnerability

Unauthenticated CSV Injection vulnerability discovered by Duc Manh in WordPress Plugin WS Form LITE versions <= 1.9.217...

CVSS 8.8 | AI score 7.3 | EPSS 0.02493
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2023/12/07 12:0 a.m. | 2 views

Car Rental Script Security Vulnerability

Car Rental Script is an open source vehicle rental script from GZ Script. A security vulnerability exists in Car Rental v3.0, which originates from a CSV injection vulnerability in the Language Labels Export operation...

CVSS 8.8 | AI score 8.8 | EPSS 0.00228
Exploits: 2 | References: 3
Github Security Blog
added 2023/10/17 12:40 p.m. | 21 views

CSRF Token Reuse Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to inject arbitrary values and forge malicious requests on behalf of a user. This vulnerability can allow an attacker to inject arbitrary values without any authentication, or perform...

CVSS 10 | AI score 6.9 | EPSS 0.00155
Exploits: 0 | References: 5 | Affected Software: 1
CNNVD
added 2023/07/10 12:0 a.m. | 1 views

IBM Cloud Pak for Data Security Vulnerability

IBM Cloud Pak for Data is a cloud-native solution from International Business Machines (IBM) that allows customers to use data and analyze it quickly and efficiently. A security vulnerability exists in IBM Cloud Pak for Data version 4.0 that stems from vulnerability to CSV injection attacks...

CVSS 7.8 | AI score 7.4 | EPSS 0.00122
Exploits: 0 | References: 3
CNNVD
added 2023/06/22 12:0 a.m. | 2 views

Sage Group Sage X3 Security Vulnerability

Sage Group Sage X3 is a software application from Sage Group UK, an enterprise resource planning product developed for mature organizations. A security vulnerability exists in Sage X3 version 12.14.0.50-0, which stems from vulnerability to CSV injection attacks...

CVSS 7.2 | AI score 7.1 | EPSS 0.00105
Exploits: 0 | References: 3
Cvelist
added 2023/03/14 5:3 a.m. | 17 views

CVE-2023-27894 Sensitive Information Disclosure in the SAP BusinessObjects Business Intelligence platform

SAP BusinessObjects Business Intelligence Platform Web Services - versions 420, 430, allows an attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal...

CVSS 5 | AI score 5.7 | EPSS 0.00376
Exploits: 0 | References: 2
CNNVD
added 2022/11/03 12:0 a.m. | 1 views

IBM InfoSphere Information Server Security Vulnerability

IBM InfoSphere Information Server is a data integration platform from International Business Machines (IBM). The platform can be used to integrate data information obtained from various sources. IBM InfoSphere Information Server version 11.7 has a CSV injection vulnerability, which stems from its...

CVSS 9.8 | AI score 7.6 | EPSS 0.0042
Exploits: 0 | References: 2
Snyk
added 2022/04/15 12:0 a.m. | 2 views

CSV Injection

Overview: mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to CSV Injection through the csvexport.php API. An attacker can execute arbitrary code or access sensitive information by embedding malicious formulas in the CSV content that is executed when the...

CVSS 8.4 | AI score 7.6 | EPSS 0.00724
Exploits: 1 | References: 2