Vulnerabilities > Improper Neutralization of Formula Elements in a CSV File
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-01 | CVE-2020-7947 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Auth0 Login BY Auth0 An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. | 9.8 |
| 2020-03-18 | CVE-2019-19676 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Arxes-Tolina 3.0.0 A CSV injection in arxes-tolina 3.0.0 allows malicious users to gain remote control of other computers. | 9.6 |
| 2020-03-16 | CVE-2020-9347 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Zohocorp Manageengine Password Manager PRO Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability via a crafted name that is mishandled by the Export Passwords feature. | 9.8 |
| 2020-03-12 | CVE-2020-10460 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Chadhaajay PHPkb 9.0 admin/include/operations.php (via admin/email-harvester.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject untrusted input inside CSV files via the POST parameter data. | 4.9 |
| 2020-03-04 | CVE-2020-9372 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Codepeople Appointment Booking Calendar The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_appointments.php. | 7.8 |
| 2020-02-28 | CVE-2020-9466 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Export Users to CSV Project Export Users to CSV The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV Injection. | 6.1 |
| 2020-02-25 | CVE-2020-9017 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Litecart LiteCart through 2.2.1 allows CSV injection via a customer's profile. | 8.0 |
| 2020-01-09 | CVE-2019-20184 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Keepass 2.4.1 KeePass 2.4.1 allows CSV injection in the title field of a CSV export. | 7.8 |
| 2020-01-09 | CVE-2019-20180 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Tablepress The TablePress plugin 1.9.2 for WordPress allows tablepress[data] CSV injection by Editor users. | 6.8 |
| 2019-12-16 | CVE-2019-13181 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Solarwinds Serv-U FTP Server 15.1.7 A CSV injection vulnerability exists in the web UI of SolarWinds Serv-U FTP Server v15.1.7. | 6.5 |