Vulnerabilities > Improper Neutralization of Formula Elements in a CSV File

DATE CVE VULNERABILITY TITLE RISK
2020-11-04 CVE-2020-22277 Improper Neutralization of Formula Elements in a CSV File vulnerability in Codection Import and Export Users and Customers
Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile.
network
low complexity
codection CWE-1236
8.0
2020-11-04 CVE-2020-22276 Improper Neutralization of Formula Elements in a CSV File vulnerability in Weformspro Weforms 1.4.7
WeForms Wordpress Plugin 1.4.7 allows CSV injection via a form's entry.
network
low complexity
weformspro CWE-1236
critical
9.8
2020-11-04 CVE-2020-22275 Improper Neutralization of Formula Elements in a CSV File vulnerability in Easyregistrationforms Easy Registration Forms 2.0.6
Easy Registration Forms (ER Forms) Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands.
network
low complexity
easyregistrationforms CWE-1236
8.8
2020-10-28 CVE-2020-24707 Improper Neutralization of Formula Elements in a CSV File vulnerability in Getgophish Gophish
Gophish before 0.11.0 allows the creation of CSV sheets that contain malicious content.
local
low complexity
getgophish CWE-1236
7.8
2020-10-16 CVE-2020-15255 Improper Neutralization of Formula Elements in a CSV File vulnerability in Anuko Time Tracker
In Anuko Time Tracker before verion 1.19.23.5325, due to not properly filtered user input a CSV export of a report could contain cells that are treated as formulas by spreadsheet software (for example, when a cell value starts with an equal sign).
local
low complexity
anuko CWE-1236
7.3
2020-10-12 CVE-2020-4689 Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Security Guardium 11.2
IBM Security Guardium 11.2 is vulnerable to CVS Injection.
network
low complexity
ibm CWE-1236
6.8
2020-10-12 CVE-2020-4302 Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Cognos Analytics
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection.
local
low complexity
ibm CWE-1236
7.8
2020-09-22 CVE-2020-14026 Improper Neutralization of Formula Elements in a CSV File vulnerability in Ozeki NG SMS Gateway
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in a CSV export.
network
low complexity
ozeki CWE-1236
8.8
2020-08-20 CVE-2020-13826 Improper Neutralization of Formula Elements in a CSV File vulnerability in I-Doit
A CSV injection (aka Excel Macro Injection or Formula Injection) issue in i-doit 1.14.2 allows an attacker to execute arbitrary commands via a Title parameter that is mishandled in a CSV export.
network
low complexity
i-doit CWE-1236
8.8
2020-08-11 CVE-2020-10780 Improper Neutralization of Formula Elements in a CSV File vulnerability in Redhat Cloudforms Management Engine 4.7/5.0
Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a crafted payload stays dormant till a victim export as CSV and opens the file with Excel.
network
low complexity
redhat CWE-1236
6.3