CVE-2018-7201

CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel.
Source: NIST
CVE-2018-7201