Vulnerabilities > Improper Neutralization of Formula Elements in a CSV File
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-01 | CVE-2022-28481 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Csv-Safe Project Csv-Safe CSV-Safe gem < 3.0.0 doesn't filter out special characters which could trigger CSV Injection. | 9.8 |
| 2022-05-01 | CVE-2022-1544 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Luya Yii-Helpers Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in GitHub repository luyadev/yii-helpers prior to 1.2.1. | 7.8 |
| 2022-04-19 | CVE-2022-29315 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Invicti Acunetix Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page, if the Export CSV feature is used. | 8.8 |
| 2022-04-18 | CVE-2021-23286 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Eaton Intelligent Power Manager Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to CSV Formula Injection. | 8.0 |
| 2022-04-14 | CVE-2021-43257 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Mantisbt Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unprivileged attacker to execute code or gain access to information when a user opens the csv_export.php generated CSV file in Excel. | 7.8 |
| 2022-04-08 | CVE-2021-43515 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Kimai CSV Injection (aka Excel Macro Injection or Formula Injection) exists in creating new timesheet in Kimai. | 7.8 |
| 2022-03-30 | CVE-2022-23868 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Ruoyi 4.7.2 RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx log file. | 7.8 |
| 2022-03-24 | CVE-2022-26249 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Surveyking Project Surveyking 0.3.0 Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack. | 9.8 |
| 2022-03-10 | CVE-2021-39022 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Guardium Data Encryption 4.0.0.0/5.0.0.0 IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. | 8.8 |
| 2022-02-11 | CVE-2021-46363 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Magnolia-Cms Magnolia CMS An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Injection attacks via crafted CSV/XLS files. | 7.8 |