Total
241 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-51763 | 1 Activeadmin | 1 Active Admin | 2024-11-21 | N/A | 9.8 CRITICAL |
| csv_builder.rb in ActiveAdmin (aka Active Admin) before 3.2.0 allows CSV injection. | |||||
| CVE-2023-50448 | 1 Activeadmin | 1 Activeadmin | 2024-11-21 | N/A | 6.5 MEDIUM |
| In ActiveAdmin (aka Active Admin) before 2.12.0, a concurrency issue allows a malicious actor to access potentially private data (that belongs to another user) by making CSV export requests at certain specific times. | |||||
| CVE-2023-4006 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16. | |||||
| CVE-2023-48207 | 1 Phpjabbers | 1 Availability Booking Calendar | 2024-11-21 | N/A | 8.8 HIGH |
| Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component. | |||||
| CVE-2023-48029 | 1 Corebos | 1 Corebos | 2024-11-21 | N/A | 8.0 HIGH |
| Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with low privileges can inject a malicious command into a table. This vulnerability is exploited when an administrator visits the user management section, exports the data to a CSV file, and then opens it, leading to the execution of the malicious payload on the administrator's computer. | |||||
| CVE-2023-47534 | 1 Fortinet | 1 Forticlient Endpoint Management Server | 2024-11-21 | N/A | 9.6 CRITICAL |
| A improper neutralization of formula elements in a csv file in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.10, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through 6.0.8 allows attacker to execute unauthorized code or commands via specially crafted packets. | |||||
| CVE-2023-47022 | 1 Ncr | 1 Terminal Handler | 2024-11-21 | N/A | 6.5 MEDIUM |
| Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection. | |||||
| CVE-2023-43071 | 1 Dell | 1 Smartfabric Storage Software | 2024-11-21 | N/A | 4.4 MEDIUM |
| Dell SmartFabric Storage Software v1.4 (and earlier) contains possible vulnerabilities for HTML injection or CVS formula injection which might escalate to cross-site scripting attacks in HTML pages in the GUI. A remote authenticated attacker could potentially exploit these issues, leading to various injection type attacks. | |||||
| CVE-2023-42004 | 1 Ibm | 1 Security Guardium | 2024-11-21 | N/A | 8.0 HIGH |
| IBM Security Guardium 11.3, 11.4, and 11.5 is potentially vulnerable to CSV injection. A remote attacker could execute malicious commands due to improper validation of csv file contents. IBM X-Force ID: 265262. | |||||
| CVE-2023-3527 | 1 Avaya | 1 Call Management System | 2024-11-21 | N/A | 6.8 MEDIUM |
| A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software such as Microsoft Excel. | |||||
| CVE-2023-3493 | 1 Fossbilling | 1 Fossbilling | 2024-11-21 | N/A | 8.0 HIGH |
| Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling prior to 0.5.3. | |||||
| CVE-2023-3302 | 1 Admidio | 1 Admidio | 2024-11-21 | N/A | 7.8 HIGH |
| Improper Neutralization of Formula Elements in a CSV File in GitHub repository admidio/admidio prior to 4.2.9. | |||||
| CVE-2023-38843 | 1 Atlos | 1 Atlos | 2024-11-21 | N/A | 8.0 HIGH |
| An issue in Atlos v.1.0 allows an authenticated attacker to execute arbitrary code via a crafted payload into the description field in the incident function. | |||||
| CVE-2023-37219 | 1 Tadirantele | 1 Aeonix | 2024-11-21 | N/A | 7.3 HIGH |
| Tadiran Telecom Composit - CWE-1236: Improper Neutralization of Formula Elements in a CSV File | |||||
| CVE-2023-36527 | 1 Bestwebsoft | 1 Post To Csv | 2024-11-21 | N/A | 8.8 HIGH |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in BestWebSoft Post to CSV by BestWebSoft.This issue affects Post to CSV by BestWebSoft: from n/a through 1.4.0. | |||||
| CVE-2023-35899 | 2024-11-21 | N/A | 7.0 HIGH | ||
| IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 259354. | |||||
| CVE-2023-31867 | 1 Sage | 1 X3 | 2024-11-21 | N/A | 7.2 HIGH |
| Sage X3 version 12.14.0.50-0 is vulnerable to CSV Injection. | |||||
| CVE-2023-31296 | 1 Sesami | 1 Cash Point \& Transport Optimizer | 2024-11-21 | N/A | 5.3 MEDIUM |
| CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows attackers to obtain sensitive information via the User Name field. | |||||
| CVE-2023-31295 | 1 Sesami | 1 Cash Point \& Transport Optimizer | 2024-11-21 | N/A | 7.5 HIGH |
| CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the User Profile field. | |||||
| CVE-2023-31294 | 1 Sesami | 1 Cash Point \& Transport Optimizer | 2024-11-21 | N/A | 7.5 HIGH |
| CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the Delivery Name field. | |||||