Vulnerabilities > Improper Neutralization of Formula Elements in a CSV File
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-28 | CVE-2020-24707 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Getgophish Gophish Gophish before 0.11.0 allows the creation of CSV sheets that contain malicious content. | 7.8 |
| 2020-10-16 | CVE-2020-15255 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Anuko Time Tracker In Anuko Time Tracker before verion 1.19.23.5325, due to not properly filtered user input a CSV export of a report could contain cells that are treated as formulas by spreadsheet software (for example, when a cell value starts with an equal sign). | 7.3 |
| 2020-10-12 | CVE-2020-4689 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Security Guardium 11.2 IBM Security Guardium 11.2 is vulnerable to CVS Injection. | 6.8 |
| 2020-10-12 | CVE-2020-4302 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. | 7.8 |
| 2020-09-22 | CVE-2020-14026 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Ozeki NG SMS Gateway CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in a CSV export. | 8.8 |
| 2020-09-11 | CVE-2020-16214 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Philips Patient Information Center IX B.02/C.02/C.03 In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software saves user-provided information into a comma-separated value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. | 5.0 |
| 2020-08-20 | CVE-2020-13826 | Improper Neutralization of Formula Elements in a CSV File vulnerability in I-Doit A CSV injection (aka Excel Macro Injection or Formula Injection) issue in i-doit 1.14.2 allows an attacker to execute arbitrary commands via a Title parameter that is mishandled in a CSV export. | 8.8 |
| 2020-08-11 | CVE-2020-10780 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Redhat Cloudforms Management Engine 4.7/5.0 Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a crafted payload stays dormant till a victim export as CSV and opens the file with Excel. | 6.3 |
| 2020-06-30 | CVE-2020-7049 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Nozominetworks Guardian Nozomi Networks OS before 19.0.4 allows /#/network?tab=network_node_list.html CSV Injection. | 7.3 |
| 2020-06-24 | CVE-2020-13247 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Boolebox BooleBox Secure File Sharing Utility before 4.2.3.0 allows CSV injection via a crafted user name that is mishandled during export from the activity logs in the Audit Area. | 7.3 |