Total
241 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-2629 | 1 Pimcore | 1 Customer Management Framework | 2024-11-21 | N/A | 7.8 HIGH |
| Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9. | |||||
| CVE-2023-2258 | 1 Alf | 1 Alf | 2024-11-21 | N/A | 8.8 HIGH |
| Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304. | |||||
| CVE-2023-29109 | 1 Sap | 4 Abap Platform, Application Interface Framework, Basis and 1 more | 2024-11-21 | N/A | 4.4 MEDIUM |
| The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows an Excel formula injection. An authorized attacker can inject arbitrary Excel formulas into fields like the Tooltip of the Custom Hints List. Once the victim opens the downloaded Excel document, the formula will be executed. As a result, an attacker can cause limited impact on the confidentiality and integrity of the application. | |||||
| CVE-2023-28958 | 1 Ibm | 1 Watson Knowledge Catalog On Cloud Pak For Data | 2024-11-21 | N/A | 7.0 HIGH |
| IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 251782. | |||||
| CVE-2023-25611 | 1 Fortinet | 1 Fortianalyzer | 2024-11-21 | N/A | 4.0 MEDIUM |
| A improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows local attacker to execute unauthorized code or commands via inserting spreadsheet formulas in macro names. | |||||
| CVE-2023-23796 | 1 Web-settler | 1 Form Builder | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Muneeb Form Builder | Create Responsive Contact Forms.This issue affects Form Builder | Create Responsive Contact Forms: from n/a through 1.9.9.0. | |||||
| CVE-2023-23678 | 1 Wpeka | 1 Wp Cookie Consent | 2024-11-21 | N/A | 7.2 HIGH |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in WPEkaClub WP Cookie Consent ( for GDPR, CCPA & ePrivacy ).This issue affects WP Cookie Consent ( for GDPR, CCPA & ePrivacy ): from n/a through 2.2.5. | |||||
| CVE-2023-22877 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | N/A | 7.0 HIGH |
| IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 244368. | |||||
| CVE-2023-22719 | 1 Givewp | 1 Givewp | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in GiveWP.This issue affects GiveWP: from n/a through 2.25.1. | |||||
| CVE-2022-4034 | 1 Dwbooster | 1 Appointment Hour Booking | 2024-11-21 | N/A | 5.8 MEDIUM |
| The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.72. This makes it possible for unauthenticated attackers to embed untrusted input into content during booking creation that may be exported as a CSV file when a site's administrator exports booking details. This can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. | |||||
| CVE-2022-47442 | 1 Ayecode | 1 Userswp | 2024-11-21 | N/A | 8.8 HIGH |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a through 1.2.3.9. | |||||
| CVE-2022-46821 | 1 Jackmail | 1 Jackmail | 2024-11-21 | N/A | 8.8 HIGH |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Jackmail & Sarbacane Emails & Newsletters with Jackmail.This issue affects Emails & Newsletters with Jackmail: from n/a through 1.2.22. | |||||
| CVE-2022-46809 | 1 Wpdeveloper | 1 Reviewx | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in WPDeveloper ReviewX – Multi-criteria Rating & Reviews for WooCommerce.This issue affects ReviewX – Multi-criteria Rating & Reviews for WooCommerce: from n/a through 1.6.7. | |||||
| CVE-2022-46804 | 1 Narolainfotech | 1 Export Users Data Distinct | 2024-11-21 | N/A | 8.8 HIGH |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Narola Infotech Solutions LLP Export Users Data Distinct.This issue affects Export Users Data Distinct: from n/a through 1.3. | |||||
| CVE-2022-46803 | 1 Noptin | 1 Noptin | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Noptin Newsletter Simple Newsletter Plugin – Noptin.This issue affects Simple Newsletter Plugin – Noptin: from n/a through 1.9.5. | |||||
| CVE-2022-46802 | 1 Webtoffee | 1 Product Reviews Import Export For Woocommerce | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee Product Reviews Import Export for WooCommerce.This issue affects Product Reviews Import Export for WooCommerce: from n/a through 1.4.8. | |||||
| CVE-2022-46801 | 1 Geminilabs | 1 Site Reviews | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Paul Ryley Site Reviews.This issue affects Site Reviews: from n/a through 6.2.0. | |||||
| CVE-2022-46408 | 1 Ericsson | 1 Network Manager | 2024-11-21 | N/A | 6.8 MEDIUM |
| Ericsson Network Manager (ENM), versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager (NCM) where improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or data leakage via maliciously injected hyperlinks. The attacker would need admin/elevated access to exploit the vulnerability. | |||||
| CVE-2022-45360 | 1 Coffee2code | 1 Commenter Emails | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Scott Reilly Commenter Emails.This issue affects Commenter Emails: from n/a through 2.6.1. | |||||
| CVE-2022-45357 | 1 Lenderd | 1 1003 Mortgage Application | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in Lenderd 1003 Mortgage Application.This issue affects 1003 Mortgage Application: from n/a through 1.75. | |||||