Vulnerabilities > Improper Neutralization of Formula Elements in a CSV File
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-15 | CVE-2023-48709 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Combodo Itop iTop is an IT service management platform. | 8.0 |
| 2024-04-09 | CVE-2024-3214 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Relevanssi The Relevanssi – A Better Search plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 4.22.1. | 9.8 |
| 2024-04-04 | CVE-2024-25007 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Ericsson Network Manager 21.2/22.1/22.2 Ericsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export function of application log where Improper Neutralization of Formula Elements in a CSV File can lead to code execution or information disclosure. | 7.1 |
| 2024-03-12 | CVE-2023-47534 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Fortinet Forticlient Endpoint Management Server A improper neutralization of formula elements in a csv file in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.10, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8 allows attacker to execute unauthorized code or commands via specially crafted packets. | 8.8 |
| 2024-02-12 | CVE-2024-24337 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Koha CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to to inject DDE commands into csv exports via the 'Budget' and 'Patrons Member' components. | 8.0 |
| 2024-02-06 | CVE-2023-47022 | Improper Neutralization of Formula Elements in a CSV File vulnerability in NCR Terminal Handler 1.5.1 Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection. | 6.5 |
| 2024-01-16 | CVE-2022-3604 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Crmperks Database for Contact Form 7, Wpforms, Elementor Forms The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when its output in a CSV file, which could lead to CSV injection. | 7.8 |
| 2023-12-29 | CVE-2023-31295 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Sesami Cash Point & Transport Optimizer 6.3.8.6.718 CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the User Profile field. | 7.5 |
| 2023-12-29 | CVE-2023-31296 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Sesami Cash Point & Transport Optimizer 6.3.8.6.718 CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows attackers to obtain sensitive information via the User Name field. | 5.3 |
| 2023-12-29 | CVE-2023-31294 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Sesami Cash Point & Transport Optimizer 6.3.8.6.718 CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the Delivery Name field. | 7.5 |