{"vulnerability": "cve-2022-26867", "sightings": [{"uuid": "e9cb0a11-d356-4c25-b1ee-1cca1ca087c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26867", "type": "seen", "source": "https://t.me/cibsecurity/43775", "content": "\u203c CVE-2022-26867 \u203c\n\nPowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet application that is being used to open the CSV/XLSX file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-03T00:25:47.000000Z"}]}