CVE-2020-28861
OpenAsset Digital Asset Management (DAM) 12.0.19 and earlier failed to implement access controls on /Stream/ProjectsCSV endpoint, allowing u
CVSS
5.3
Medio
EPSS
2.2%
p81
KEV
—
Exploit Today
24
0-100
Publicado: 14 dic 2020 · Última mod.: 9 jul 2026 · CWE-1236
2.2%EPSS · 30 días2.3%
2026-06-302026-07-16
OpenAsset Digital Asset Management (DAM) 12.0.19 and earlier failed to implement access controls on /Stream/ProjectsCSV endpoint, allowing unauthenticated attackers to gain access to potentially sensitive project information stored by the application.
- packetstormsecurity.comhttp://packetstormsecurity.com/files/160457/OpenAsset-Digital-Asset-Management-Insecure-Direct-Object-Reference.html
- seclists.orghttp://seclists.org/fulldisclosure/2020/Dec/22
- www.themissinglink.com.auhttps://www.themissinglink.com.au/security-advisories-cve-2020-28861
- packetstormsecurity.comhttp://packetstormsecurity.com/files/160457/OpenAsset-Digital-Asset-Management-Insecure-Direct-Object-Reference.html
- seclists.orghttp://seclists.org/fulldisclosure/2020/Dec/22
- www.themissinglink.com.auhttps://www.themissinglink.com.au/security-advisories-cve-2020-28861
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2019-147498.8 ALT94.9%
——28An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab, and the Issue Summary field in the tickets tab. This allows other agents to download data in a .csv file format or .xls file format. This is used as input for spreadsheet applications such as Excel and OpenOffice Calc, resulting in a situation where cells in the spreadsheets can contain input from an untrusted source. As a result, the end user who is accessing the exported spreadsheet can be affected.6dCVE-2023-318677.2 ALT50.9%
——15Sage X3 version 12.14.0.50-0 is vulnerable to CSV Injection.8dCVE-2025-505728.8 ALT30.3%
——9Archer 6.11.00204.10014 allows attackers to execute arbitrary code via crafted system inputs that would be exported into the CSV and be executed after the user opened the file with compatible applications. NOTE: the Supplier does not accept this as a valid vulnerability report against their product.11dCVE-2026-14846—25.1%
——8In version 8.2.1 of PrestaShop, there is a vulnerability relating to the incorrect sanitisation of elements, caused by inadequate validation of the ‘Alias’ parameter in the ‘Update your address’ function. This flaw allows an attacker to inject malicious expressions that are executed when the information is exported using the ‘Get my data in CSV’ tool. Successful exploitation of this vulnerability could facilitate unauthorised access to the victim’s personal data.3dCVE-2026-501794.2 MED20.6%
——6Actual is a local-first personal finance tool. Prior to 26.6.0, exportToCSV and exportQueryToCSV in packages/loot-core/src/server/transactions/export/export-to-csv.ts pass user-controlled Payee, Notes, Account, and Category strings to csv-stringify with no cast callback and no formula-prefix neutralization. Strings that begin with equals sign, plus, minus, at sign, tab, or carriage return survive verbatim into the exported CSV, and when a recipient opens the file in Excel, LibreOffice Calc, or Google Sheets, the strings are interpreted as formulas, enabling transaction data exfiltration and attacker-chosen spreadsheet display values. This issue is fixed in version 26.6.0.7dCVE-2026-554527.3 ALT14.2%
——4Snipe-IT is an IT asset/license management system. Prior to 8.5.0, Actionlog::logaction() stores the request User-Agent header and ReportsController::postActivityReport() writes that value to the Activity Report CSV without formula escaping, allowing a low-privileged authenticated user to store a formula-like User-Agent that may execute when a report viewer opens the exported CSV in spreadsheet software. This issue is fixed in version 8.5.0.3d