• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-1236

CVE-2021-27839

February 23, 2023 by

A CSV injection vulnerability found in Online Invoicing System (OIS) 4.3 and below can be exploited by users to perform malicious actions such as redirecting admins to unknown or harmful websites, or disclosing other clients’ details that the user did not have access to.

CVE-2021-27020

February 23, 2023 by

Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export.

CVE-2021-25960

February 23, 2023 by

In “SuiteCRM” application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by “CSV Injection” vulnerability (Formula Injection). A low privileged attacker can use accounts module to inject payloads in the input fields. When an administrator access accounts module to export the data as a CSV file and opens it, the payload gets executed. This was not fixed properly as part of CVE-2020-15301, allowing the attacker to bypass the security measure.

CVE-2021-25962

February 23, 2023 by

“Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. A customer can inject payloads in the name input field in the billing address while buying a product. When a store administrator accesses the reports page to export the data as an Excel file and opens it, the payload gets executed.

CVE-2021-24441

February 23, 2023 by

The Sign-up Sheets WordPress plugin before 1.0.14 does not not sanitise or validate the Sheet title when generating the CSV to export, which could lead to a CSV injection issue

CVE-2021-24144

February 23, 2023 by

Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 16
  • Go to page 17
  • Go to page 18
  • Go to page 19
  • Go to page 20
  • Interim pages omitted …
  • Go to page 26
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE