Vulnerabilities > Improper Neutralization of Formula Elements in a CSV File

DATE CVE VULNERABILITY TITLE RISK
2024-06-07 CVE-2023-5424 Improper Neutralization of Formula Elements in a CSV File vulnerability in Westguardsolutions WS Form
The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.9.217.
network
low complexity
westguardsolutions CWE-1236
8.8
2024-04-04 CVE-2024-25007 Improper Neutralization of Formula Elements in a CSV File vulnerability in Ericsson Network Manager 21.2/22.1/22.2
Ericsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export function of application log where Improper Neutralization of Formula Elements in a CSV File can lead to code execution or information disclosure.
low complexity
ericsson CWE-1236
7.1
2024-03-12 CVE-2023-47534 Improper Neutralization of Formula Elements in a CSV File vulnerability in Fortinet Forticlient Endpoint Management Server
A improper neutralization of formula elements in a csv file in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.10, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8 allows attacker to execute unauthorized code or commands via specially crafted packets.
network
low complexity
fortinet CWE-1236
8.8
2024-02-06 CVE-2023-47022 Improper Neutralization of Formula Elements in a CSV File vulnerability in NCR Terminal Handler 1.5.1
Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection.
network
low complexity
ncr CWE-1236
6.5
2024-01-16 CVE-2022-3604 Improper Neutralization of Formula Elements in a CSV File vulnerability in Crmperks Database for Contact Form 7, Wpforms, Elementor Forms
The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when its output in a CSV file, which could lead to CSV injection.
local
low complexity
crmperks CWE-1236
7.8
2023-12-29 CVE-2023-31295 Improper Neutralization of Formula Elements in a CSV File vulnerability in Sesami Cash Point & Transport Optimizer 6.3.8.6.718
CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the User Profile field.
network
low complexity
sesami CWE-1236
7.5
2023-12-29 CVE-2023-31296 Improper Neutralization of Formula Elements in a CSV File vulnerability in Sesami Cash Point & Transport Optimizer 6.3.8.6.718
CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows attackers to obtain sensitive information via the User Name field.
network
low complexity
sesami CWE-1236
5.3
2023-12-29 CVE-2023-31294 Improper Neutralization of Formula Elements in a CSV File vulnerability in Sesami Cash Point & Transport Optimizer 6.3.8.6.718
CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the Delivery Name field.
network
low complexity
sesami CWE-1236
7.5
2023-12-28 CVE-2023-50448 Improper Neutralization of Formula Elements in a CSV File vulnerability in Activeadmin
In ActiveAdmin (aka Active Admin) before 2.12.0, a concurrency issue allows a malicious actor to access potentially private data (that belongs to another user) by making CSV export requests at certain specific times.
network
low complexity
activeadmin CWE-1236
6.5
2023-12-24 CVE-2023-51763 Improper Neutralization of Formula Elements in a CSV File vulnerability in Activeadmin Active Admin
csv_builder.rb in ActiveAdmin (aka Active Admin) before 3.2.0 allows CSV injection.
network
low complexity
activeadmin CWE-1236
critical
9.8