Vulnerabilities > Improper Neutralization of Formula Elements in a CSV File
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-04 | CVE-2020-22277 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Codection Import and Export Users and Customers Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile. | 8.0 |
2020-11-04 | CVE-2020-22276 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Weformspro Weforms 1.4.7 WeForms Wordpress Plugin 1.4.7 allows CSV injection via a form's entry. | 9.8 |
2020-11-04 | CVE-2020-22275 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Easyregistrationforms Easy Registration Forms 2.0.6 Easy Registration Forms (ER Forms) Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. | 8.8 |
2020-10-28 | CVE-2020-24707 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Getgophish Gophish Gophish before 0.11.0 allows the creation of CSV sheets that contain malicious content. | 7.8 |
2020-10-16 | CVE-2020-15255 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Anuko Time Tracker In Anuko Time Tracker before verion 1.19.23.5325, due to not properly filtered user input a CSV export of a report could contain cells that are treated as formulas by spreadsheet software (for example, when a cell value starts with an equal sign). | 7.3 |
2020-10-12 | CVE-2020-4689 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Security Guardium 11.2 IBM Security Guardium 11.2 is vulnerable to CVS Injection. | 6.8 |
2020-10-12 | CVE-2020-4302 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. | 7.8 |
2020-09-22 | CVE-2020-14026 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Ozeki NG SMS Gateway CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in a CSV export. | 8.8 |
2020-08-20 | CVE-2020-13826 | Improper Neutralization of Formula Elements in a CSV File vulnerability in I-Doit A CSV injection (aka Excel Macro Injection or Formula Injection) issue in i-doit 1.14.2 allows an attacker to execute arbitrary commands via a Title parameter that is mishandled in a CSV export. | 8.8 |
2020-08-11 | CVE-2020-10780 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Redhat Cloudforms Management Engine 4.7/5.0 Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a crafted payload stays dormant till a victim export as CSV and opens the file with Excel. | 6.3 |