csv_builder.rb in ActiveAdmin (aka Active Admin) before 3.2.0 allows CSV injection.
Max CVSS: 9.8 | EPSS Score: 0.06% | Published: 2023-12-24 | Updated: 2024-01-03
In ActiveAdmin (aka Active Admin) before 2.12.0, a concurrency issue allows a malicious actor to access potentially private data (that belongs to another user) by making CSV export requests at certain specific times.
Max CVSS: 6.5 | EPSS Score: 0.09% | Published: 2023-12-28 | Updated: 2024-01-04
Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component.
Max CVSS: 8.8 | EPSS Score: 0.06% | Published: 2023-12-07 | Updated: 2023-12-11
Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with low privileges can inject a malicious command into a table. This vulnerability is exploited when an administrator visits the user management section, exports the data to a CSV file, and then opens it, leading to the execution of the malicious payload on the administrator's computer.
Max CVSS: 8.0 | EPSS Score: 0.06% | Published: 2023-11-17 | Updated: 2023-11-25
Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection.
Max CVSS: 6.5 | EPSS Score: 0.06% | Published: 2024-02-06 | Updated: 2024-02-13
Dell SmartFabric Storage Software v1.4 (and earlier) contains possible vulnerabilities for HTML injection or CSV formula injection which might escalate to cross-site scripting attacks in HTML pages in the GUI. A remote authenticated attacker could potentially exploit these issues, leading to various injection-type attacks.
Max CVSS: 5.4 | EPSS Score: 0.05% | Published: 2023-10-05 | Updated: 2023-10-06
IBM Security Guardium 11.3, 11.4, and 11.5 is potentially vulnerable to CSV injection. A remote attacker could execute malicious commands due to improper validation of CSV file contents. IBM X-Force ID: 265262.
Max CVSS: 8.8 | EPSS Score: 0.07% | Published: 2023-11-28 | Updated: 2023-12-04
Improper Neutralization of Formula Elements in a CSV File vulnerability in wpWax Directorist – WordPress Business Directory Plugin with Classified Ads Listing. This issue affects Directorist – WordPress Business Directory Plugin with Classified Ads Listings: from n/a through 7.7.1.
Max CVSS: 8.8 | EPSS Score: 0.05% | Published: 2023-11-07 | Updated: 2023-11-14
An issue in Atlos v.1.0 allows an authenticated attacker to execute arbitrary code via a crafted payload into the description field in the incident function.
Max CVSS: 8.0 | EPSS Score: 0.06% | Published: 2023-08-17 | Updated: 2023-08-23
Tadiran Telecom Composit - CWE-1236: Improper Neutralization of Formula Elements in a CSV File
Max CVSS: 7.8 | EPSS Score: 0.05% | Published: 2023-07-30 | Updated: 2023-08-04
Improper Neutralization of Formula Elements in a CSV File vulnerability in BestWebSoft Post to CSV by BestWebSoft. This issue affects Post to CSV by BestWebSoft: from n/a through 1.4.0.
Max CVSS: 8.8 | EPSS Score: 0.05% | Published: 2023-11-07 | Updated: 2023-11-15
Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on the Customer Name field in the Accounting module that is used to construct a CSV file.
Max CVSS: 8.8 | EPSS Score: 0.05% | Published: 2023-06-05 | Updated: 2023-06-09
Sage X3 version 12.14.0.50-0 is vulnerable to CSV Injection.
Max CVSS: 7.2 | EPSS Score: 0.05% | Published: 2023-06-22 | Updated: 2023-06-28
CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows attackers to obtain sensitive information via the User Name field.
Max CVSS: 5.3 | EPSS Score: 0.05% | Published: 2023-12-29 | Updated: 2024-01-04
CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the User Profile field.
Max CVSS: 7.5 | EPSS Score: 0.09% | Published: 2023-12-29 | Updated: 2024-01-08
CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the Delivery Name field.
Max CVSS: 7.5 | EPSS Score: 0.09% | Published: 2023-12-29 | Updated: 2024-01-08
RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module.
Max CVSS: 5.4 | EPSS Score: 0.14% | Published: 2023-05-02 | Updated: 2023-05-09
The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows an Excel formula injection. An authorized attacker can inject arbitrary Excel formulas into fields like the Tooltip of the Custom Hints List. Once the victim opens the downloaded Excel document, the formula will be executed. As a result, an attacker can cause limited impact on the confidentiality and integrity of the application.
Max CVSS: 4.6 | EPSS Score: 0.05% | Published: 2023-04-11 | Updated: 2023-04-18
IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of CSV file contents. IBM X-Force ID: 251782.
Max CVSS: 7.8 | EPSS Score: 0.05% | Published: 2023-07-10 | Updated: 2023-07-13
Improper Neutralization of Formula Elements in a CSV File vulnerability in WPOmnia KB Support. This issue affects KB Support: from n/a through 1.5.84.
Max CVSS: 8.8 | EPSS Score: 0.05% | Published: 2023-11-07 | Updated: 2023-11-15
An improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows a local attacker to execute unauthorized code or commands via inserting spreadsheet formulas in macro names.
Max CVSS: 7.3 | EPSS Score: 0.04% | Published: 2023-03-07 | Updated: 2023-03-14
ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. These vulnerabilities allow attackers to execute arbitrary code via a crafted Excel file.
Max CVSS: 7.8 | EPSS Score: 0.06% | Published: 2023-04-25 | Updated: 2023-04-28
Improper Neutralization of Formula Elements in a CSV File vulnerability in Muneeb Form Builder | Create Responsive Contact Forms. This issue affects Form Builder | Create Responsive Contact Forms: from n/a through 1.9.9.0.
Max CVSS: 9.8 | EPSS Score: 0.09% | Published: 2023-11-07 | Updated: 2023-11-15
Improper Neutralization of Formula Elements in a CSV File vulnerability in WPEkaClub WP Cookie Consent (for GDPR, CCPA & ePrivacy). This issue affects WP Cookie Consent (for GDPR, CCPA & ePrivacy): from n/a through 2.2.5.
Max CVSS: 7.2 | EPSS Score: 0.05% | Published: 2023-11-07 | Updated: 2023-11-15
IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of CSV file contents. IBM X-Force ID: 244368.
Max CVSS: 8.8 | EPSS Score: 0.06% | Published: 2023-08-28 | Updated: 2023-08-31
211 vulnerabilities found