CVE-2019-12134

Name of the Vulnerable Software and Affected Versions Workday versions prior to 33

Description A CSV Injection issue exists in the export feature, allowing a low-privileged user to inject malicious values via a contact form field. These values are mishandled in the CSV export, potentially leading to exploitation.

Recommendations For versions prior to 33, update to version 33 or later to resolve the issue. As a temporary workaround, consider restricting access to the export feature or validating and sanitizing user input in the contact form field to minimize the risk of exploitation.