CVE-2021-1474

HIGH Year: 2021
CVSS v3 Score
8.6
High
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-1236
View all →

Vulnerability Description

Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Related Vulnerabilities

CVE-2018-15571

HIGH
CVSS:8.6(High)

The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection.

CWE-12362018

CVE-2018-16308

HIGH
CVSS:8.6(High)

The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection.

CWE-12362018

CVE-2018-10255

HIGH
CVSS:8.8(High)

A CSV Injection vulnerability was discovered in clustercoding Blog Master Pro v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, lead...

CWE-12362018

CVE-2018-10257

HIGH
CVSS:8.8(High)

A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading ...

CWE-12362018

CVE-2018-10258

HIGH
CVSS:8.8(High)

A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to pos...

CWE-12362018

CVE-2018-20468

HIGH
CVSS:8.8(High)

An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A web reports module has "export to excel features" that are vulnerable to CSV injection. An attacker can embed Excel formulas inside ...

CWE-12362018