excel vulnerabilities and exploits
9.8
CVSSv3
CVE-2023-46349
In the module "Product Catalog (CSV, Excel) Export/Update" (updateproducts) < 3.8.5 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `productsUpdateModel::getExportIds()` has sensitive SQL calls that can be executed with a trivial ht...
Myprestamodules Updateproducts
9.8
CVSSv3
CVE-2023-45387
In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 5.0.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection via `exportProduct::_addDataToDb()`.
Myprestamodules Exportproducts
9.8
CVSSv3
CVE-2022-26249
Survey King v0.3.0 does not filter data properly when exporting excel files, allowing malicious users to execute arbitrary code or access sensitive information via a CSV injection attack.
Surveyking Project Surveyking 0.3.0
9.8
CVSSv3
CVE-2022-23640
Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did not apply all the necessary settings to prevent XML Entity Expansion issues. Upgrade to version 2.1.0 to receive a patc...
Excel Streaming Reader Project Excel Streaming Reader
9.8
CVSSv3
CVE-2021-38180
SAP Business One - version 10.0, allows a malicious user to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data export. An attacker could thereby execute arbitrary commands on the victim's computer but only if the victim a...
Sap Business One 10.0
9.8
CVSSv3
CVE-2020-0901
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.
Microsoft Office 2013
Microsoft Office 2010
Microsoft Office 2016
Microsoft Office 2019
Microsoft 365 Apps -
9.8
CVSSv3
CVE-2020-7947
An issue exists in the Login by Auth0 plugin prior to 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn't sanitized, and no input validation is performed, before the exporting of ...
Auth0 Login By Auth0
9.8
CVSSv3
CVE-2020-9347
Zoho ManageEngine Password Manager Pro up to and including 10.x has a CSV Excel Macro Injection vulnerability via a crafted name that is mishandled by the Export Passwords feature. NOTE: the vendor disputes the significance of this report because they expect CSV risk mitigation t...
Zohocorp Manageengine Password Manager Pro 10.4
Zohocorp Manageengine Password Manager Pro 10.3
Zohocorp Manageengine Password Manager Pro 10.2
Zohocorp Manageengine Password Manager Pro 10.1
Zohocorp Manageengine Password Manager Pro 10.0
9.8
CVSSv3
CVE-2015-5463
AxiomSL's Axiom java applet module (used for editing uploaded Excel files and associated Java RMI services) 9.5.3 and previous versions allows remote malicious users to (1) access data of other basic users through arbitrary SQL commands, (2) perform a horizontal and vertical...
Axiomsl Axiom
9.8
CVSSv3
CVE-2018-20752
An issue exists in Recon-ng prior to 4.9.5. Lack of validation in the modules/reporting/csv.py file allows CSV injection. More specifically, when a Twitter user possesses an Excel macro for a username, it will not be properly sanitized when exported to a CSV file. This can result...
Recon-ng Project Recon-ng