Vulnerabilities > Improper Neutralization of Formula Elements in a CSV File
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-23 | CVE-2019-15092 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Webtoffee Import Export Wordpress Users The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class. | 6.0 |
| 2019-08-08 | CVE-2018-19855 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Uipath Orchestrator UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to the Audit export, Robot log export, and Transaction log export features. | 4.3 |
| 2019-08-07 | CVE-2019-14749 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Osticket An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. | 6.8 |
| 2019-07-28 | CVE-2019-14352 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Joget Worfklow 6.0.20 In Joget Workflow 6.0.20, CSV Injection, also known as Formula Injection, exists, as demonstrated by jw/web/userview/crm_community/crm_userview_sales/_/account_new with the Account ID or Account Name field. | 7.8 |
| 2019-07-05 | CVE-2019-13144 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Mytinytodo myTinyTodo 1.3.3 through 1.4.3 allows CSV Injection. | 7.5 |
| 2019-06-25 | CVE-2019-12961 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Livezilla LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection in the Export Function. | 6.8 |
| 2019-06-19 | CVE-2019-4364 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM products IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. | 8.0 |
| 2019-06-17 | CVE-2018-20468 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Sahipro Sahi PRO An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. | 6.8 |
| 2019-06-11 | CVE-2019-12765 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Joomla Joomla! An issue was discovered in Joomla! before 3.9.7. | 9.8 |
| 2019-06-06 | CVE-2019-12134 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Workday CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in Workday through 32 via a value (provided by a low-privileged user in a contact form field) that is mishandled in a CSV export. | 6.5 |