CSV Injection with the CSV export feature
Low
Vulnerability Details
**Steps to reproduce:**
1. Go to https://hosted.weblate.org/dictionaries/aptoide-uploader/bn/#add
2. Add "=1+1" to the **Source** and **Translation** fields
{F178723}
3. Now do **CSV export**
4. You can see all the cells are displayed as "2", which means the code is executed.
Best Regards,
Jay Patel
Report Stats
- Report ID: 223344
- State: Closed
- Substate: resolved
- Upvotes: 5
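
The report above describes cells beginning with `=` being evaluated when the exported CSV is opened in a spreadsheet. The following is an added example, not part of the original report and not Weblate's code: a CSV export that neutralizes formula-leading cells with an apostrophe prefix (the commonly recommended OWASP mitigation), plus a checker that flags risky cells in an existing export. The function names, column names and sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Leading characters that make a spreadsheet treat a cell as a formula
# (list follows OWASP's CSV injection guidance).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralize_cell(value):
    """Return the value as text that a spreadsheet will not evaluate."""
    text = "" if value is None else str(value)
    if text.startswith(FORMULA_TRIGGERS):
        # The apostrophe forces text interpretation. Trade-off: plain
        # negative numbers such as "-5" are prefixed as well.
        return "'" + text
    return text


def export_glossary_csv(rows, neutralize=True):
    """Serialize (source, target) pairs; neutralize=False shows the unsafe form."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\r\n")
    writer.writerow(["source", "target"])  # hypothetical column names
    for source, target in rows:
        cells = [source, target]
        if neutralize:
            cells = [neutralize_cell(c) for c in cells]
        writer.writerow(cells)
    return buf.getvalue()


def find_formula_cells(csv_text):
    """Return (row, column, value) for each cell a spreadsheet would evaluate."""
    hits = []
    reader = csv.reader(io.StringIO(csv_text, newline=""))
    for r, row in enumerate(reader, start=1):
        for c, cell in enumerate(row, start=1):
            if cell.startswith(FORMULA_TRIGGERS):
                hits.append((r, c, cell))
    return hits


# Constructed sample input: the first row is the value from the report.
SAMPLE_ROWS = [("=1+1", "=1+1"), ("hello", "ওহে"), ("-5", "@home")]

if __name__ == "__main__":
    print(find_formula_cells(export_glossary_csv(SAMPLE_ROWS, neutralize=False)))
    print(find_formula_cells(export_glossary_csv(SAMPLE_ROWS)))
```

Quoting alone (`QUOTE_ALL`) does not prevent evaluation, which is why the unsafe export is still flagged by the checker.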