Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
silverstripeCMS Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability - CVE-2017-18049 - Vulnerability Database
silverstripeCMS

silverstripeCMS Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability - CVE-2017-18049

Medium
Reference: CVE-2017-18049
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2017-18049
Title: silverstripeCMS Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
Overview:

In the CSV export feature of SilverStripe before 3.5.6 3.6.x before 3.6.3 and 4.x before 4.0.1 it39s possible for the output to contain macros and scripts which may be executed if imported without sanitization into common software (including Microsoft Excel). For example the CSV data may contain untrusted user input from the quotFirst Namequot field of a user39s /myprofile page.