A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain XCC server informational fields, that could result in crafted formulas being stored in an exported CSV file. The crafted formula is not executed on XCC itself and has no effect on the server.

Related CVEs

CVE-2019-6187

Key Information

GHSA ID

GHSA-hvmh-jgw7-f7xg

Published

May 24, 2022 5:01 PM

Last Modified

May 24, 2022 5:01 PM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 12, 2025 6:34 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.