Unrated severityNVD Advisory· Published Feb 8, 2022· Updated Aug 3, 2024

CVE-2022-21241

Description

Cross-site scripting vulnerability in CSV+ prior to 0.8.1 allows a remote unauthenticated attacker to inject an arbitrary script or an arbitrary OS command via a specially crafted CSV file that contains HTML a tag.

Affected products

Plus One/Csv+v5
Range: prior to 0.8.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/plusone-masaki/csv-plus/releases/tag/v0.8.1mitrex_refsource_MISC
jvn.jp/en/jp/JVN67396225/index.htmlmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.024
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000