CWE · MITRE source
CWE-1236Improper Neutralization of Formula Elements in a CSV File
The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (0)AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| No NIST controls proposed yet. | |||
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2019-12765 | 3.8 | 9.8 | 0.3093 | 2019-06-11 |
CVE-2018-11652 | 3.3 | 9.8 | 0.2165 | 2018-06-01 |
CVE-2021-33256 | 2.8 | 8.8 | 0.1741 | 2021-08-09 |
CVE-2020-9372 | 2.7 | 7.8 | 0.1934 | 2020-03-04 |
CVE-2024-29375 | 2.7 | 9.8 | 0.1170 | 2024-04-04 |
CVE-2019-14749 | 2.6 | 8.8 | 0.1337 | 2019-08-07 |
CVE-2020-11548 | 2.6 | 9.8 | 0.1072 | 2020-04-05 |
CVE-2018-9107 | 2.5 | 8.8 | 0.1199 | 2018-03-28 |
CVE-2020-10131 | 2.5 | 9.8 | 0.0884 | 2023-09-06 |
CVE-2018-9035 | 2.4 | 9.6 | 0.0841 | 2018-04-04 |
CVE-2019-0403 | 2.3 | 9.8 | 0.0569 | 2019-12-11 |
CVE-2020-25398 | 2.3 | 8.8 | 0.0953 | 2020-11-05 |
CVE-2018-9106 | 2.2 | 8.8 | 0.0680 | 2018-03-28 |
CVE-2022-0142 | 2.2 | 9.8 | 0.0466 | 2022-04-12 |
CVE-2018-20752 | 2.1 | 9.8 | 0.0292 | 2019-02-04 |
CVE-2020-9347 | 2.1 | 9.8 | 0.0250 | 2020-03-16 |
CVE-2020-7947 | 2.1 | 9.8 | 0.0181 | 2020-04-01 |
CVE-2022-3393 | 2.1 | 9.8 | 0.0228 | 2022-10-25 |
CVE-2018-8092 | 2.0 | 9.8 | 0.0049 | 2018-04-18 |
CVE-2018-15474 | 2.0 | 9.6 | 0.0102 | 2018-09-07 |
CVE-2019-13144 | 2.0 | 9.8 | 0.0105 | 2019-07-05 |
CVE-2019-15092 | 2.0 | 7.3 | 0.0841 | 2019-08-23 |
CVE-2019-16184 | 2.0 | 9.8 | 0.0058 | 2019-09-09 |
CVE-2019-4521 | 2.0 | 9.8 | 0.0104 | 2019-12-10 |
CVE-2020-22276 | 2.0 | 9.8 | 0.0121 | 2020-11-04 |