Total: 201 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-23654 | 1 Html-to-csv Project | 1 Html-to-csv | 2024-11-21 | 7.5 HIGH | 5.6 MEDIUM |
This affects all versions of package html-to-csv. When a formula is embedded in an HTML page, it is accepted without any validation and is written as-is into the resulting CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands via CSV files. | |||||
CVE-2021-23286 | 1 Eaton | 1 Intelligent Power Manager | 2024-11-21 | 7.9 HIGH | 5.7 MEDIUM |
Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to CSV Formula Injection. This issue affects Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions. | |||||
CVE-2021-22771 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2024-11-21 | 6.0 MEDIUM | 7.3 HIGH |
A CWE-1236: Improper Neutralization of Formula Elements in a CSV File vulnerability exists in Easergy T300 with firmware V2.7.1 and older that would allow arbitrary command execution. | |||||
CVE-2021-22153 | 1 Blackberry | 1 Unified Endpoint Management | 2024-11-21 | 6.0 MEDIUM | 7.3 HIGH |
A Remote Code Execution vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially cause the spreadsheet application to run commands on the victim’s local machine with the authority of the user. | |||||
CVE-2021-21302 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 6.5 MEDIUM | 6.8 MEDIUM |
PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 there is a CSV Injection vulnerability possible by using shop search keywords via the admin panel. The problem is fixed in 1.7.7.2. | |||||
CVE-2021-1475 | 1 Cisco | 1 Umbrella | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2021-1474 | 1 Cisco | 1 Umbrella | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2020-9466 | 1 Export Users To Csv Project | 1 Export Users To Csv | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV Injection. | |||||
CVE-2020-9372 | 1 Codepeople | 1 Appointment Booking Calendar | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_appointments.php. The attacker could achieve remote code execution via CSV injection. | |||||
CVE-2020-9347 | 1 Zohocorp | 1 Manageengine Password Manager Pro | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability via a crafted name that is mishandled by the Export Passwords feature. NOTE: the vendor disputes the significance of this report because they expect CSV risk mitigation to be provided by an external application, and do not plan to add CSV constraints to their own products. | |||||
CVE-2020-9205 | 1 Huawei | 1 Manageone | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
There is a CSV injection vulnerability in ManageOne 8.0.1. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device. | |||||
CVE-2020-9200 | 1 Huawei | 1 Imanager Neteco 6000 | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
There is a CSV injection vulnerability in iManager NetEco 6000 versions V600R021C00. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device. | |||||
CVE-2020-9017 | 1 Litecart | 1 Litecart | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
LiteCart through 2.2.1 allows CSV injection via a customer's profile. | |||||
CVE-2020-7947 | 1 Auth0 | 1 Login By Auth0 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn't sanitized, and no input validation is performed, before the exporting of the user data. This can lead to (at least) CSV injection if a crafted Excel document is uploaded. | |||||
CVE-2020-7049 | 1 Nozominetworks | 1 Guardian | 2024-11-21 | 8.5 HIGH | 7.3 HIGH |
Nozomi Networks OS before 19.0.4 allows /#/network?tab=network_node_list.html CSV Injection. | |||||
CVE-2020-4759 | 1 Ibm | 1 Filenet Content Manager | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
IBM FileNet Content Manager 5.5.4 and 5.5.5 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of CSV file contents. IBM X-Force ID: 188736. | |||||
CVE-2020-4689 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 8.5 HIGH | 6.8 MEDIUM |
IBM Security Guardium 11.2 is vulnerable to CSV Injection. A remote privileged attacker could execute arbitrary commands on the system, caused by improper validation of CSV file contents. IBM X-Force ID: 186696. | |||||
CVE-2020-4633 | 1 Ibm | 1 Resilient Security Orchestration Automation And Response | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
IBM Resilient SOAR V38.0 could allow a remote attacker to execute arbitrary code on the system, caused by formula injection due to improper input validation. | |||||
CVE-2020-4627 | 1 Ibm | 1 Cloud Pak For Security | 2024-11-21 | 9.0 HIGH | 9.0 CRITICAL |
IBM Cloud Pak for Security 1.3.0.1 (CP4S) is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of CSV file contents. IBM X-Force ID: 185367. | |||||
CVE-2020-4302 | 1 Ibm | 1 Cognos Analytics | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to execute arbitrary code on the system, caused by a CSV injection. By persuading a victim to open a specially crafted Excel file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 176610. |