| Title | Incorta 2023.4.3 CSV Injection |
|---|
| Description | During the assessment of the on-premise Incorta application, I identified a vulnerability by which we can pass the malicious CSV macro script in the application. Later this payload will be downloaded in the CSV file and executed on the user side. |
|---|
| Source | ⚠️ https://localhost/v1/query/download |
|---|
| User | Zaid Shaikh (UID 79527) |
|---|
| Submission | 02/18/2025 14:42 (1 Year ago) |
|---|
| Moderation | 03/02/2025 09:04 (12 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 298104 [Incorta 2023.4.3 Edit Insight Service Name csv injection] |
|---|
| Points | 16 |
|---|