Vulnerabilities > Improper Neutralization of Formula Elements in a CSV File

DATE CVE VULNERABILITY TITLE RISK
2019-09-09 CVE-2019-16184 Improper Neutralization of Formula Elements in a CSV File vulnerability in Limesurvey
A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey participants to inject commands via their survey responses that will be included in the export CSV file.
network
low complexity
limesurvey CWE-1236
critical
9.8
2019-09-08 CVE-2019-16120 Improper Neutralization of Formula Elements in a CSV File vulnerability in TRI Event Tickets
CSV injection in the event-tickets (Event Tickets) plugin before 4.10.7.2 for WordPress exists via the "All Post> Ticketed > Attendees" Export Attendees feature.
network
low complexity
tri CWE-1236
8.8
2019-09-03 CVE-2019-6182 Improper Neutralization of Formula Elements in a CSV File vulnerability in Lenovo Xclarity Administrator
A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted formulas stored in an exported CSV file.
network
low complexity
lenovo CWE-1236
4.9
2019-08-23 CVE-2019-15092 Improper Neutralization of Formula Elements in a CSV File vulnerability in Webtoffee Import Export Wordpress Users
The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class.
local
low complexity
webtoffee CWE-1236
7.3
2019-08-08 CVE-2018-19855 Improper Neutralization of Formula Elements in a CSV File vulnerability in Uipath Orchestrator
UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to the Audit export, Robot log export, and Transaction log export features.
local
low complexity
uipath CWE-1236
5.5
2019-08-07 CVE-2019-14749 Improper Neutralization of Formula Elements in a CSV File vulnerability in Osticket
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1.
network
low complexity
osticket CWE-1236
8.8
2019-07-28 CVE-2019-14352 Improper Neutralization of Formula Elements in a CSV File vulnerability in Joget Worfklow 6.0.20
In Joget Workflow 6.0.20, CSV Injection, also known as Formula Injection, exists, as demonstrated by jw/web/userview/crm_community/crm_userview_sales/_/account_new with the Account ID or Account Name field.
local
low complexity
joget CWE-1236
7.8
2019-07-05 CVE-2019-13144 Improper Neutralization of Formula Elements in a CSV File vulnerability in Mytinytodo
myTinyTodo 1.3.3 through 1.4.3 allows CSV Injection.
network
low complexity
mytinytodo CWE-1236
critical
9.8
2019-06-25 CVE-2019-12961 Improper Neutralization of Formula Elements in a CSV File vulnerability in Livezilla
LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection in the Export Function.
network
low complexity
livezilla CWE-1236
8.8
2019-06-19 CVE-2019-4364 Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM products
IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system.
network
low complexity
ibm CWE-1236
8.0