Vulnerabilities > Improper Neutralization of Formula Elements in a CSV File
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-03 | CVE-2021-38424 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Deltaww Dialink 1.2.4.0 The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an attacker injecting formulas into the tag data. | 6.8 |
| 2021-11-03 | CVE-2021-40848 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Mahara In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command, leading to execution of a malicious string locally on a device, aka CSV injection. | 6.8 |
| 2021-11-01 | CVE-2020-36503 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Connections-Pro Connections Business Directory The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some connections' fields, which could lead to a CSV injection issue | 6.0 |
| 2021-10-27 | CVE-2021-37131 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Huawei Imanager Neteco, Imanager Neteco 6000 and Manageone There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. | 6.0 |
| 2021-10-12 | CVE-2021-38180 | Improper Neutralization of Formula Elements in a CSV File vulnerability in SAP Business ONE 10.0 SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data export. | 9.8 |
| 2021-09-30 | CVE-2021-24016 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Fortinet Fortimanager An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in policy name, when exported as excel file and opened unsafely on the victim host. | 9.3 |
| 2021-09-30 | CVE-2021-41824 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Craftcms Craft CMS Craft CMS before 3.7.14 allows CSV injection. | 6.8 |
| 2021-09-29 | CVE-2021-25960 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Salesagility Suitecrm In “SuiteCRM” application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by “CSV Injection” vulnerability (Formula Injection). | 6.0 |
| 2021-09-29 | CVE-2021-25962 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Shuup “Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. | 6.8 |
| 2021-08-30 | CVE-2021-27020 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Puppet Enterprise Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export. | 6.8 |