Tag
ABB B&R Automation Runtime Multiple Vulnerabilities
2 rules, 1 TTP, 3 CVEs
ABB B&R Automation Runtime versions before 6.4 are vulnerable to predictable number generation (CVE-2025-3449), reflected XSS (CVE-2025-3448), and CSV injection (CVE-2025-11498), potentially allowing attackers to hijack sessions or execute arbitrary code in a user's browser context.
ERPGo SaaS 3.9 CSV Injection Vulnerability
2 rules, 1 TTP, 1 CVE
ERPGo SaaS version 3.9 is vulnerable to CSV injection, allowing authenticated attackers to execute arbitrary code by injecting malicious formulas into the vendor name field during vendor creation, which are then executed when the exported CSV file is opened in a spreadsheet application.
wger CSV/TSV Formula Injection Vulnerability
2 rules, 1 TTP, 3 IOCs
A CSV/TSV injection vulnerability exists in wger <= 2.5, allowing malicious gym members to inject spreadsheet formulas into their profiles, which are then executed when an administrator exports and opens the member list, potentially leading to data exfiltration and remote code execution.