Vulnerabilities > Improper Neutralization of Formula Elements in a CSV File
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-12 | CVE-2020-4689 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Security Guardium 11.2 IBM Security Guardium 11.2 is vulnerable to CVS Injection. | 6.8 |
| 2020-10-12 | CVE-2020-4302 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. | 7.8 |
| 2020-09-22 | CVE-2020-14026 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Ozeki NG SMS Gateway CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in a CSV export. | 8.8 |
| 2020-08-20 | CVE-2020-13826 | Improper Neutralization of Formula Elements in a CSV File vulnerability in I-Doit A CSV injection (aka Excel Macro Injection or Formula Injection) issue in i-doit 1.14.2 allows an attacker to execute arbitrary commands via a Title parameter that is mishandled in a CSV export. | 8.8 |
| 2020-08-11 | CVE-2020-10780 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Redhat Cloudforms Management Engine 4.7/5.0 Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a crafted payload stays dormant till a victim export as CSV and opens the file with Excel. | 6.3 |
| 2020-06-30 | CVE-2020-7049 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Nozominetworks Guardian Nozomi Networks OS before 19.0.4 allows /#/network?tab=network_node_list.html CSV Injection. | 7.3 |
| 2020-06-24 | CVE-2020-13247 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Boolebox BooleBox Secure File Sharing Utility before 4.2.3.0 allows CSV injection via a crafted user name that is mishandled during export from the activity logs in the Audit Area. | 7.3 |
| 2020-05-18 | CVE-2020-13146 | Improper Neutralization of Formula Elements in a CSV File vulnerability in EDX Open EDX Platform 2.5 Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in Course>Instructor>Cohorts may contain a formula that is exported via the "Course>Data Downloads>Reports>Download profile info" feature. | 8.8 |
| 2020-04-27 | CVE-2019-20002 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Solarwinds Webhelpdesk 12.7.1 Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user. | 7.8 |
| 2020-04-05 | CVE-2020-11548 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Search Meter Project Search Meter The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be any formula. | 9.8 |