Vulnerabilities > Improper Neutralization of Formula Elements in a CSV File

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2020-06-30 | CVE-2020-7049 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Nozominetworks Guardian | Nozomi Networks OS before 19.0.4 allows /#/network?tab=network_node_list.html CSV Injection. | local | low | nozominetworks | CWE-1236 | 7.3 |
| 2020-06-24 | CVE-2020-13247 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Boolebox | BooleBox Secure File Sharing Utility before 4.2.3.0 allows CSV injection via a crafted user name that is mishandled during export from the activity logs in the Audit Area. | local | low | boolebox | CWE-1236 | 7.3 |
| 2020-05-18 | CVE-2020-13146 | Improper Neutralization of Formula Elements in a CSV File vulnerability in EDX Open EDX Platform 2.5 | Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in Course>Instructor>Cohorts may contain a formula that is exported via the "Course>Data Downloads>Reports>Download profile info" feature. | network | low | edx | CWE-1236 | 8.8 |
| 2020-04-27 | CVE-2019-20002 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Solarwinds Webhelpdesk 12.7.1 | Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user. | local | low | solarwinds | CWE-1236 | 7.8 |
| 2020-04-05 | CVE-2020-11548 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Search Meter Project Search Meter | The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be any formula. | network | low | search-meter-project | CWE-1236 | critical 9.8 |
| 2020-04-01 | CVE-2020-7947 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Auth0 Login BY Auth0 | An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. | network | low | auth0 | CWE-1236 | critical 9.8 |
| 2020-03-18 | CVE-2019-19676 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Arxes-Tolina 3.0.0 | A CSV injection in arxes-tolina 3.0.0 allows malicious users to gain remote control of other computers. | network | low | arxes-tolina | CWE-1236 | critical 9.6 |
| 2020-03-16 | CVE-2020-9347 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Zohocorp Manageengine Password Manager PRO | Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability via a crafted name that is mishandled by the Export Passwords feature. | network | low | zohocorp | CWE-1236 | critical 9.8 |
| 2020-03-12 | CVE-2020-10460 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Chadhaajay PHPkb 9.0 | admin/include/operations.php (via admin/email-harvester.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject untrusted input inside CSV files via the POST parameter data. | network | low | chadhaajay | CWE-1236 | 4.9 |
| 2020-03-04 | CVE-2020-9372 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Codepeople Appointment Booking Calendar | The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_appointments.php. | local | low | codepeople | CWE-1236 | 7.8 |