Vulnerabilities > Improper Neutralization of Formula Elements in a CSV File
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-07 | CVE-2019-14749 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Osticket An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. | 8.8 |
| 2019-07-28 | CVE-2019-14352 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Joget Worfklow 6.0.20 In Joget Workflow 6.0.20, CSV Injection, also known as Formula Injection, exists, as demonstrated by jw/web/userview/crm_community/crm_userview_sales/_/account_new with the Account ID or Account Name field. | 7.8 |
| 2019-07-05 | CVE-2019-13144 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Mytinytodo myTinyTodo 1.3.3 through 1.4.3 allows CSV Injection. | 9.8 |
| 2019-06-25 | CVE-2019-12961 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Livezilla LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection in the Export Function. | 8.8 |
| 2019-06-19 | CVE-2019-4364 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM products IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. | 8.0 |
| 2019-06-17 | CVE-2018-20468 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Sahipro Sahi PRO An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. | 8.8 |
| 2019-06-11 | CVE-2019-12765 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Joomla Joomla! An issue was discovered in Joomla! before 3.9.7. | 9.8 |
| 2019-06-06 | CVE-2019-12134 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Workday CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in Workday through 32 via a value (provided by a low-privileged user in a contact form field) that is mishandled in a CSV export. | 8.8 |
| 2019-05-29 | CVE-2019-11872 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Incsub Hustle The Hustle (aka wordpress-popup) plugin 6.0.7 for WordPress is vulnerable to CSV Injection as it allows for injecting malicious code into a pop-up window. | 8.8 |
| 2019-05-22 | CVE-2018-7201 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Projectsend CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel. | 8.8 |