CSV Injection

CSV injection is also known as CSV Excel Macro Injection (CEMI).

Many web applications allow the user to download content such as templates for invoices or user settings to a CSV file. Many users choose to open the CSV file in Excel, LibreOffice or OpenOffice. When a web application does not properly validate the contents of the CSV file, the contents of one or more cells could be executed by the spreadsheet application.

More info, probably first report of its kind:
 * CSV Injection Hackerone
 * CSV Vulnerabilities

This attack exploits the trust of the user in two ways: 1. The user trusts the site that the content is coming from. 2. The user assumes that it is only a CSV file that won't contain functions or macros, and so won't care about any warnings from Excel about potentially malicious functionality in the file.
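
One way to apply the validation described above on the export side, as an added example that is not code from the original page: every cell that starts with a formula-trigger character is prefixed with an apostrophe before it is written. The trigger list follows OWASP's CSV injection guidance; the function names and sample rows are constructed for illustration.

```python
import csv
import io
import re

# Leading characters that Excel, LibreOffice and OpenOffice treat as the start
# of a formula (list per OWASP's CSV injection guidance, not from the page).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")
PLAIN_NUMBER = re.compile(r"[+-]?\d+(\.\d+)?")


def neutralize_cell(value):
    """Return a cell value that a spreadsheet will not parse as a formula."""
    if value is None:
        return ""
    if isinstance(value, (int, float)):
        return value  # typed numbers are not user-supplied text
    text = str(value)
    if PLAIN_NUMBER.fullmatch(text):
        return text  # keep "-12.50" usable as a number
    # Test the raw first character (tab/CR count) and the first visible one.
    if text.startswith(FORMULA_TRIGGERS) or text.lstrip().startswith(FORMULA_TRIGGERS):
        return "'" + text  # leading apostrophe stops formula parsing
    return text


def export_csv(rows):
    """Serialize rows to CSV with every cell neutralized and quoted."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()


# Constructed sample rows for an invoice export; the third field is user input.
SAMPLE_ROWS = [
    ["invoice", "amount", "customer_note"],
    [1001, "-12.50", "Thanks for the fast delivery"],
    [1002, "40.00", "=SUM(A1:A9)"],
    [1003, "15.00", "  @note starting with an at sign"],
]

if __name__ == "__main__":
    print(export_csv(SAMPLE_ROWS))
```

Applying the check at export time, rather than only at input time, also covers values that were stored before any validation existed.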