Vulnerabilities > Improper Neutralization of Formula Elements in a CSV File

DATE CVE VULNERABILITY TITLE RISK
2022-06-17 CVE-2022-2112 Improper Neutralization of Formula Elements in a CSV File vulnerability in Inventree
Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2.
6.8
2022-06-13 CVE-2022-1202 Improper Neutralization of Formula Elements in a CSV File vulnerability in Usabilitydynamics Wp-Crm 1.2.1
The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability.
6.8
2022-06-09 CVE-2022-2027 Improper Neutralization of Formula Elements in a CSV File vulnerability in Kromit Titra
Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0.
network
kromit CWE-1236
3.5
2022-06-07 CVE-2020-36531 Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Sevone Network Performance Management
A vulnerability, which was classified as critical, has been found in SevOne Network Management System up to 5.7.2.22.
network
ibm CWE-1236
6.0
2022-06-02 CVE-2022-26867 Improper Neutralization of Formula Elements in a CSV File vulnerability in Dell Powerstoreos
PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file.
network
dell CWE-1236
6.0
2022-05-01 CVE-2022-28481 Improper Neutralization of Formula Elements in a CSV File vulnerability in Csv-Safe Project Csv-Safe
CSV-Safe gem < 3.0.0 doesn't filter out special characters which could trigger CSV Injection.
network
low complexity
csv-safe-project CWE-1236
7.5
2022-05-01 CVE-2022-1544 Improper Neutralization of Formula Elements in a CSV File vulnerability in Luya Yii-Helpers
Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in GitHub repository luyadev/yii-helpers prior to 1.2.1.
network
luya CWE-1236
6.8
2022-04-19 CVE-2022-29315 Improper Neutralization of Formula Elements in a CSV File vulnerability in Invicti Acunetix
Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page, if the Export CSV feature is used.
network
invicti CWE-1236
critical
9.3
2022-04-18 CVE-2021-23286 Improper Neutralization of Formula Elements in a CSV File vulnerability in Eaton Intelligent Power Manager
Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to CSV Formula Injection.
7.9
2022-04-14 CVE-2021-43257 Improper Neutralization of Formula Elements in a CSV File vulnerability in Mantisbt
Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csv_export.php generated CSV file in Excel.
network
mantisbt CWE-1236
6.0