CVE-2022-26867
5.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
Summary
PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet application that is being used to open the CSV/XLSX file.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Dell | PowerStore | unspecified < PowerStore SW v2.1.1.0 | affected |
Weaknesses
- CWE-1236: CWE-1236: Improper Neutralization of Formula Elements in a CSV File
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.