CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-21241

Cross-site scripting vulnerability in CSV+ prior to 0.8.1 allows a remote unauthenticated attacker to inject an arbitrary script or an arbitrary OS command via a specially crafted CSV file that contains HTML a tag.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.3

EPSS Ranking 96.5%

CVSS Severity

CVSS v3 Score 9.6

CVSS v2 Score 6.8

References

https://github.com/plusone-masaki/csv-plus/releases/tag/v0.8.1
https://jvn.jp/en/jp/JVN67396225/index.html
https://github.com/plusone-masaki/csv-plus/releases/tag/v0.8.1
https://jvn.jp/en/jp/JVN67396225/index.html

Products affected by CVE-2022-21241

Csv+ Project » Csv+ » Version: Any

cpe:2.3:a:csv+_project:csv+:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-21241

Products

Pricing

Contact Us