Vulnerabilities > Improper Neutralization of Formula Elements in a CSV File

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR / COMPLEXITY | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|
| 2022-04-19 | CVE-2022-29315 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Invicti Acunetix | Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page, if the Export CSV feature is used. | network, low complexity | invicti, CWE-1236 | 8.8 |
| 2022-04-18 | CVE-2021-23286 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Eaton Intelligent Power Manager | Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to CSV Formula Injection. | low complexity | eaton, CWE-1236 | 8.0 |
| 2022-04-14 | CVE-2021-43257 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Mantisbt | Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csv_export.php generated CSV file in Excel. | local, low complexity | mantisbt, CWE-1236 | 7.8 |
| 2022-04-08 | CVE-2021-43515 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Kimai | CSV Injection (aka Excel Macro Injection or Formula Injection) exists in creating new timesheet in Kimai. | local, low complexity | kimai, CWE-1236 | 7.8 |
| 2022-03-30 | CVE-2022-23868 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Ruoyi 4.7.2 | RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx log file. | local, low complexity | ruoyi, CWE-1236 | 7.8 |
| 2022-03-24 | CVE-2022-26249 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Surveyking Project Surveyking 0.3.0 | Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack. | network, low complexity | surveyking-project, CWE-1236 | critical, 9.8 |
| 2022-03-10 | CVE-2021-39022 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Guardium Data Encryption 4.0.0.0/5.0.0.0 | IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. | network, low complexity | ibm, CWE-1236 | 8.8 |
| 2022-02-11 | CVE-2021-46363 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Magnolia-Cms Magnolia CMS | An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Injection attacks via crafted CSV/XLS files. | local, low complexity | magnolia-cms, CWE-1236 | 7.8 |
| 2022-02-04 | CVE-2022-22689 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Broadcom CA Harvest Software Change Manager | CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands. | network, low complexity | broadcom, CWE-1236 | 8.8 |
| 2021-11-26 | CVE-2021-23654 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Html-To-Csv Project Html-To-Csv | This affects all versions of package html-to-csv. | network, low complexity | html-to-csv-project, CWE-1236 | critical, 9.8 |