Description

It is possible to inject formulas into fields that are later exported as part of CSV files and can be interpreted by Excel.

Impact

Inject code into fields to create malicious formulas.

Recommendation

Sanitize all the fields that will be exported to the server when the exported file is generated.
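
An added example, not part of the original entry, of sanitizing every field at the moment the CSV file is generated. The function names, the set of leading trigger characters and the single-quote prefix are assumptions chosen for illustration; the sample rows are constructed.

```python
import csv
import io

# Assumption: leading characters commonly treated as formula triggers by
# spreadsheet applications; the entry itself does not list them.
FORMULA_TRIGGERS = ("=", "+", "-", "@")
CONTROL_TRIGGERS = ("\t", "\r")


def neutralize_cell(value):
    """Return a value a spreadsheet will display as text instead of evaluating."""
    if value is None:
        return ""
    if isinstance(value, (int, float)):
        return value  # real numbers (e.g. -5) cannot carry a formula
    text = str(value)
    # Check the raw first character and the first non-blank character, so
    # padding in front of a trigger does not bypass the check.
    if (text.startswith(CONTROL_TRIGGERS)
            or text.lstrip().startswith(FORMULA_TRIGGERS)):
        return "'" + text
    return text


def export_csv(rows):
    """Serialize rows to CSV text, sanitizing every field at generation time."""
    buf = io.StringIO()
    # QUOTE_ALL wraps each field in double quotes and doubles embedded quotes.
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\r\n")
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()


# Constructed sample records, as they might be stored from user input.
SAMPLE_ROWS = [
    ["name", "comment", "balance"],
    ["alice", "regular text", 120.5],
    ["bob", "=SUM(A1:A9)", -5],
    ["carol", '  @lookup("x")', 0],
]

if __name__ == "__main__":
    print(export_csv(SAMPLE_ROWS), end="")
```

Applying the check inside the export routine, rather than at input time, covers values that were stored before the control existed.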

Threat

Authenticated attacker from the Internet.

Expected Remediation Time

⏱️ 15 minutes.