Vulnerabilities > Improper Neutralization of Formula Elements in a CSV File
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-25 | CVE-2019-12961 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Livezilla LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection in the Export Function. | 6.8 |
| 2019-06-19 | CVE-2019-4364 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM products IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. | 8.0 |
| 2019-06-17 | CVE-2018-20468 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Sahipro Sahi PRO An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. | 6.8 |
| 2019-06-11 | CVE-2019-12765 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Joomla Joomla! An issue was discovered in Joomla! before 3.9.7. | 9.8 |
| 2019-06-06 | CVE-2019-12134 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Workday CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in Workday through 32 via a value (provided by a low-privileged user in a contact form field) that is mishandled in a CSV export. | 6.5 |
| 2019-05-29 | CVE-2019-11872 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Incsub Hustle The Hustle (aka wordpress-popup) plugin 6.0.7 for WordPress is vulnerable to CSV Injection as it allows for injecting malicious code into a pop-up window. | 8.8 |
| 2019-05-22 | CVE-2018-7201 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Projectsend CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel. | 6.8 |
| 2019-05-09 | CVE-2019-4071 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM products IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of csv file contents. | 8.8 |
| 2019-05-08 | CVE-2019-11819 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Alkacon Opencms Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka Excel Macro) Injection in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp) via the First Name or Last Name. | 6.8 |
| 2019-04-25 | CVE-2018-12244 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Symantec Endpoint Protection SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrusted input into CSV files. | 6.8 |