1 results (0.001 seconds)
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 2
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 2CVE-2021-23654 – Improper Input Validation
https://notcve.org/view.php?id=CVE-2021-23654
26 Nov 2021 — This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands via CSV files. Esto afecta a todas las versiones del paquete html-to-csv. Cuando se presenta una fórmula insertada en una página HTML, se acepta sin ninguna comprobación y la misma se empuja mientras es convertida en ... • https://github.com/hanwentao/html2csv/blob/master/html2csv/converter.py • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •