Vulnerabilities > Improper Neutralization of Formula Elements in a CSV File
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-09-09 | CVE-2019-16184 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Limesurvey A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey participants to inject commands via their survey responses that will be included in the export CSV file. | 9.8 |
2019-09-08 | CVE-2019-16120 | Improper Neutralization of Formula Elements in a CSV File vulnerability in TRI Event Tickets CSV injection in the event-tickets (Event Tickets) plugin before 4.10.7.2 for WordPress exists via the "All Post> Ticketed > Attendees" Export Attendees feature. | 8.8 |
2019-09-03 | CVE-2019-6182 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Lenovo Xclarity Administrator A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted formulas stored in an exported CSV file. | 4.9 |
2019-08-23 | CVE-2019-15092 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Webtoffee Import Export Wordpress Users The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class. | 7.3 |
2019-08-08 | CVE-2018-19855 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Uipath Orchestrator UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to the Audit export, Robot log export, and Transaction log export features. | 5.5 |
2019-08-07 | CVE-2019-14749 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Osticket An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. | 8.8 |
2019-07-28 | CVE-2019-14352 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Joget Worfklow 6.0.20 In Joget Workflow 6.0.20, CSV Injection, also known as Formula Injection, exists, as demonstrated by jw/web/userview/crm_community/crm_userview_sales/_/account_new with the Account ID or Account Name field. | 7.8 |
2019-07-05 | CVE-2019-13144 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Mytinytodo myTinyTodo 1.3.3 through 1.4.3 allows CSV Injection. | 9.8 |
2019-06-25 | CVE-2019-12961 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Livezilla LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection in the Export Function. | 8.8 |
2019-06-19 | CVE-2019-4364 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM products IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. | 8.0 |