0.001 Low
EPSS
Percentile
42.9%
tendenci is vulnerable to CSV injection. The Contact Us feature allows an attacker to inject arbitrary CSV formulas and code, which would execute when a user exports the data to a CSV file.
github.com/tendenci/tendenci/issues/919
sinfosec757.blogspot.com/2019/06/exploit-title-workday-32-csv-injection.html