Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

ProjectSend Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2018-7201)

Description

CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel.

Remediation

References

Related Vulnerabilities

Atlassian Confluence Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-20237)

WordPress Plugin Our Team Showcase Cross-Site Request Forgery (1.2)

WordPress Plugin Media Library Categories Multiple Cross-Site Scripting Vulnerabilities (1.1.1)

WordPress Plugin Hot Files:File Sharing and Download Manager Cross-Site Scripting (1.0.0)

Nginx CVE-2009-4487 Vulnerability (CVE-2009-4487)

Severity

High

Classification

CVE-2018-7201 CWE-1236

Tags

Missing Update Known Vulnerabilities