Vulnerabilities > Improper Neutralization of Formula Elements in a CSV File
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-02 | CVE-2023-29918 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Rosariosis 10.8.4 RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module. | 5.4 |
| 2023-04-25 | CVE-2023-25348 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Churchcrm 4.5.3 ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. | 7.8 |
| 2023-04-24 | CVE-2023-2258 | Improper Neutralization of Formula Elements in a CSV File vulnerability in ALF Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304. | 8.8 |
| 2023-04-11 | CVE-2023-29109 | Improper Neutralization of Formula Elements in a CSV File vulnerability in SAP products The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows an Excel formula injection. | 4.6 |
| 2023-03-07 | CVE-2023-25611 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Fortinet Fortianalyzer A improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows local attacker to execute unauthorized code or commands via inserting spreadsheet formulas in macro names. | 7.3 |
| 2023-01-09 | CVE-2022-35281 | Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Maximo Application Suite and Maximo Asset Management IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are vulnerable to CSV injection. | 8.8 |
| 2023-01-01 | CVE-2022-37786 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Wecube-Platform Project Wecube-Platform 3.2.2 An issue was discovered in WeCube Platform 3.2.2. | 6.3 |
| 2022-11-29 | CVE-2022-4034 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Dwbooster Appointment Hour Booking The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.72. | 7.8 |
| 2022-11-29 | CVE-2022-41675 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Raidenmaild A remote attacker with general user privilege can inject malicious code in the form content of Raiden MAILD Mail Server website. | 8.0 |
| 2022-11-21 | CVE-2022-44830 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Event Registration Application Project Event Registration Application 1.0 Sourcecodester Event Registration App v1.0 was discovered to contain multiple CSV injection vulnerabilities via the First Name, Contact and Remarks fields. | 7.8 |