• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-1236

CVE-2019-16959

February 26, 2023 by

SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket.

CVE-2019-16184

February 26, 2023 by

A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey participants to inject commands via their survey responses that will be included in the export CSV file.

CVE-2019-16120

February 26, 2023 by

CSV injection in the event-tickets (Event Tickets) plugin before 4.10.7.2 for WordPress exists via the “All Post> Ticketed > Attendees” Export Attendees feature.

CVE-2019-15092

February 26, 2023 by

The webtoffee “WordPress Users & WooCommerce Customers Import Export” plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class.

CVE-2019-14749

February 26, 2023 by

An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab, and the Issue Summary field in the tickets tab. This allows other agents to download data in a .csv file format or .xls file format. This is used as input for spreadsheet applications such as Excel and OpenOffice Calc, resulting in a situation where cells in the spreadsheets can contain input from an untrusted source. As a result, the end user who is accessing the exported spreadsheet can be affected.

CVE-2019-14352

February 26, 2023 by

** DISPUTED ** In Joget Workflow 6.0.20, CSV Injection, also known as Formula Injection, exists, as demonstrated by jw/web/userview/crm_community/crm_userview_sales/_/account_new with the Account ID or Account Name field. NOTE: the vendor disputes the relevance of this finding because CSV is not the intended export format for spreadsheet applications.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 11
  • Go to page 12
  • Go to page 13
  • Go to page 14
  • Go to page 15
  • Interim pages omitted …
  • Go to page 26
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE