Sinfosec

**Name of the Vulnerable Software and Affected Versions** Workday versions prior to 33 **Description** A CSV Injection issue exists in the export feature, allowing a low-privileged user to inject malicious values via a contact form field. These values are mishandled in the CSV export, potentially leading to exploitation. **Recommendations** For versions prior to 33, update to version 33 or later to resolve the issue. As a temporary workaround, consider restricting access to the export feature or validating and sanitizing user input in the contact form field to minimize the risk of exploitation.