CVE-2022-21241
CSV+ prior to 0.8.1 is vulnerable to cross-site scripting: a remote unauthenticated attacker can inject arbitrary script or OS commands via a specially crafted CSV containing an HTML tag. Affected versions are CSV+ before 0.8.1; remediation is to update to v0.8.1 or later. CVSS details in source...