Vulnerabilities > Improper Neutralization of Formula Elements in a CSV File

DATE CVE VULNERABILITY TITLE RISK
2023-07-18 CVE-2023-3527 Improper Neutralization of Formula Elements in a CSV File vulnerability in Avaya Call Management System 17.0/18.0.0.1/18.0.0.2
A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software such as Microsoft Excel.  
network
low complexity
avaya CWE-1236
6.8
2023-07-10 CVE-2023-28958 Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Watson Knowledge Catalog on Cloud PAK for Data 4.0
IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 is potentially vulnerable to CSV Injection.
local
low complexity
ibm CWE-1236
7.8
2023-06-30 CVE-2023-3493 Improper Neutralization of Formula Elements in a CSV File vulnerability in Fossbilling
Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling prior to 0.5.3.
network
low complexity
fossbilling CWE-1236
8.0
2023-06-29 CVE-2022-46408 Improper Neutralization of Formula Elements in a CSV File vulnerability in Ericsson Network Manager 21.2
Ericsson Network Manager (ENM), versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager (NCM) where improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or data leakage via maliciously injected hyperlinks.
network
low complexity
ericsson CWE-1236
6.8
2023-06-23 CVE-2023-3302 Improper Neutralization of Formula Elements in a CSV File vulnerability in Admidio
Improper Neutralization of Formula Elements in a CSV File in GitHub repository admidio/admidio prior to 4.2.9.
local
low complexity
admidio CWE-1236
7.8
2023-06-22 CVE-2023-31867 Improper Neutralization of Formula Elements in a CSV File vulnerability in Sage X3 12.14.0.500
Sage X3 version 12.14.0.50-0 is vulnerable to CSV Injection.
network
low complexity
sage CWE-1236
7.2
2023-06-05 CVE-2023-33410 Improper Neutralization of Formula Elements in a CSV File vulnerability in Minical 1.0.0
Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code.
network
low complexity
minical CWE-1236
8.8
2023-05-10 CVE-2023-2629 Improper Neutralization of Formula Elements in a CSV File vulnerability in Pimcore Customer Management Framework
Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9.
local
low complexity
pimcore CWE-1236
7.8
2023-05-02 CVE-2023-29918 Improper Neutralization of Formula Elements in a CSV File vulnerability in Rosariosis 10.8.4
RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module.
network
low complexity
rosariosis CWE-1236
5.4
2023-04-25 CVE-2023-25348 Improper Neutralization of Formula Elements in a CSV File vulnerability in Churchcrm 4.5.3
ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person.
local
low complexity
churchcrm CWE-1236
7.8