Vulnerabilities > Improper Neutralization of Formula Elements in a CSV File
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-09 | CVE-2021-33256 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Zohocorp Manageengine Adselfservice Plus 6.1 A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. | 8.8 |
| 2021-07-21 | CVE-2021-22771 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2/2.7/2.7.1 A CWE-1236: Improper Neutralization of Formula Elements in a CSV File vulnerability exists in Easergy T300 with firmware V2.7.1 and older that would allow arbitrary command execution. | 7.3 |
| 2021-07-14 | CVE-2020-25445 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Bookingcore Booking Core 1.7.0 The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. | 7.8 |
| 2021-07-12 | CVE-2021-24441 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Fetchdesigns Sign-Up Sheets The Sign-up Sheets WordPress plugin before 1.0.14 does not not sanitise or validate the Sheet title when generating the CSV to export, which could lead to a CSV injection issue | 8.0 |
| 2021-06-21 | CVE-2020-22390 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Akaunting Akaunting <= 2.0.9 is vulnerable to CSV injection in the Item name field, export function. | 8.8 |
| 2021-05-13 | CVE-2021-22153 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Blackberry Unified Endpoint Management A Remote Code Execution vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially cause the spreadsheet application to run commands on the victim’s local machine with the authority of the user. | 7.3 |
| 2021-04-27 | CVE-2021-29667 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Spectrum Scale IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is potentially vulnerable to CSV Injection. | 7.8 |
| 2021-04-08 | CVE-2021-1475 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Cisco Umbrella Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. | 4.1 |
| 2021-04-08 | CVE-2021-1474 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Cisco Umbrella Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. | 8.6 |
| 2021-03-18 | CVE-2021-24144 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Ciphercoin Contact Form 7 Database Addon Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files. | 7.8 |