Total: 176 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-31296 | 1 Sesami | 1 Cash Point & Transport Optimizer | 2024-01-04 | N/A | 5.3 MEDIUM |
CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows attackers to obtain sensitive information via the User Name field. | |||||
CVE-2023-51763 | 1 Activeadmin | 1 Active Admin | 2024-01-03 | N/A | 9.8 CRITICAL |
csv_builder.rb in ActiveAdmin (aka Active Admin) before 3.2.0 allows CSV injection. | |||||
CVE-2020-16214 | 1 Philips | 1 Patient Information Center Ix | 2023-12-12 | 5.8 MEDIUM | 5.0 MEDIUM |
In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software saves user-provided information into a comma-separated value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. | |||||
CVE-2023-48207 | 1 Phpjabbers | 1 Availability Booking Calendar | 2023-12-11 | N/A | 8.8 HIGH |
Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component. | |||||
CVE-2023-25983 | 1 Liquidweb | 1 Kb Support | 2023-12-10 | N/A | 8.8 HIGH |
Improper Neutralization of Formula Elements in a CSV File vulnerability in WPOmnia KB Support. This issue affects KB Support: from n/a through 1.5.84. | |||||
CVE-2023-42004 | 1 Ibm | 1 Security Guardium | 2023-12-10 | N/A | 8.8 HIGH |
IBM Security Guardium 11.3, 11.4, and 11.5 is potentially vulnerable to CSV injection. A remote attacker could execute malicious commands due to improper validation of csv file contents. IBM X-Force ID: 265262. | |||||
CVE-2022-46804 | 1 Narolainfotech | 1 Export Users Data Distinct | 2023-12-10 | N/A | 8.8 HIGH |
Improper Neutralization of Formula Elements in a CSV File vulnerability in Narola Infotech Solutions LLP Export Users Data Distinct. This issue affects Export Users Data Distinct: from n/a through 1.3. | |||||
CVE-2023-48029 | 1 Corebos | 1 Corebos | 2023-12-10 | N/A | 8.0 HIGH |
Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with low privileges can inject a malicious command into a table. This vulnerability is exploited when an administrator visits the user management section, exports the data to a CSV file, and then opens it, leading to the execution of the malicious payload on the administrator's computer. | |||||
CVE-2023-38843 | 1 Atlos | 1 Atlos | 2023-12-10 | N/A | 8.0 HIGH |
An issue in Atlos v.1.0 allows an authenticated attacker to execute arbitrary code via a crafted payload into the description field in the incident function. | |||||
CVE-2023-22877 | 1 Ibm | 1 Infosphere Information Server | 2023-12-10 | N/A | 8.8 HIGH |
IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 244368. | |||||
CVE-2023-37219 | 1 Tadirantele | 1 Aeonix | 2023-12-10 | N/A | 7.8 HIGH |
Tadiran Telecom Composit - CWE-1236: Improper Neutralization of Formula Elements in a CSV File | |||||
CVE-2020-10131 | 1 Searchblox | 1 Searchblox | 2023-12-10 | N/A | 9.8 CRITICAL |
SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in "Featured Results" parameter. | |||||
CVE-2023-3527 | 1 Avaya | 1 Call Management System | 2023-12-10 | N/A | 6.8 MEDIUM |
A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software such as Microsoft Excel. | |||||
CVE-2022-28864 | 1 Nokia | 1 Netact | 2023-12-10 | N/A | 8.8 HIGH |
An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include malicious code, which is then downloaded as a .csv or .xlsx file and executed on a victim machine. Here, the /aom/html/EditTemplate.jsf and /aom/html/ViewAllTemplatesPage.jsf templateName parameter is used. | |||||
CVE-2023-4006 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-12-10 | N/A | 9.8 CRITICAL |
Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16. | |||||
CVE-2023-43071 | 1 Dell | 1 Smartfabric Storage Software | 2023-12-10 | N/A | 5.4 MEDIUM |
Dell SmartFabric Storage Software v1.4 (and earlier) contains possible vulnerabilities for HTML injection or CSV formula injection which might escalate to cross-site scripting attacks in HTML pages in the GUI. A remote authenticated attacker could potentially exploit these issues, leading to various injection type attacks. | |||||
CVE-2023-29918 | 1 Rosariosis | 1 Rosariosis | 2023-12-10 | N/A | 5.4 MEDIUM |
RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module. | |||||
CVE-2022-46408 | 1 Ericsson | 1 Network Manager | 2023-12-10 | N/A | 6.8 MEDIUM |
Ericsson Network Manager (ENM), versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager (NCM) where improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or data leakage via maliciously injected hyperlinks. The attacker would need admin/elevated access to exploit the vulnerability. | |||||
CVE-2023-2258 | 1 Alf | 1 Alf | 2023-12-10 | N/A | 8.8 HIGH |
Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304. | |||||
CVE-2023-28958 | 1 Ibm | 1 Watson Knowledge Catalog On Cloud Pak For Data | 2023-12-10 | N/A | 7.8 HIGH |
IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 251782. |