An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable to CSV injection.
Published June 11, 2019.
Joomla Joomla!