CVE-2026-40296 PhpSpreadsheet vulnerable to XSS in HTML writer via custom number format codes
PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The HTML writer skips htmlspecialchars escaping when a cell's formatted value differs from the original value. When a cell has a custom number format containing the text placeholder @ along with any additional literal...
GHSA-6WPP-88CP-7Q68 PhpSpreadsheet has XSS via NumberFormat @ Text Substitution in HTML Writer
Summary: The HTML Writer in PhpSpreadsheet bypasses htmlspecialchars output escaping when a cell uses a custom number format containing the @ text placeholder with additional literal text (e.g., @ "items" or "Total: "@). This allows an attacker to inject arbitrary HTML and JavaScript into the...
PT-2026-24136
Name of the Vulnerable Software and Affected Versions: Pocket ID versions 2.0.0 through 2.4.0. Description: A flaw in callback URL validation allowed crafted redirect uri values containing URL userinfo (@) to bypass legitimate callback pattern checks. If an attacker can trick a user into opening a...
EUVD-2026-8816
Koa has Host Header Injection via ctx.hostname...
Interpretation Conflict
Overview: org.webjars.npm:nodemailer is an "Easy as cake e-mail sending from your Node.js applications" package. Affected versions of this package are vulnerable to Interpretation Conflict due to improper handling of quoted local-parts containing @. An attacker can cause emails to be sent to unintended...
Interpretation Conflict
Overview: nodemailer is an "Easy as cake e-mail sending from your Node.js applications" package. Affected versions of this package are vulnerable to Interpretation Conflict due to improper handling of quoted local-parts containing @. An attacker can cause emails to be sent to unintended external recipients o...
GHSA-JC6W-8R7F-VMP5 Mattermost Server vulnerable to Denial of Service through `@` character prefix inserted into JavaScript field names
An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, 4.3.4, and 4.2.2. It allows attackers to cause a denial of service (application crash) via an @ character before a JavaScript field name...
CVE-2022-0639
An authorization bypass flaw was found in url-parse. This flaw allows a local unauthenticated attacker to add an at symbol (@) while submitting a URL. This issue enables the bypass of validation or block-listing restrictions...
PT-2022-13320
Name of the Vulnerable Software and Affected Versions: url-parse versions prior to 1.5.7. Description: The issue allows for authorization bypass through a user-controlled key. A specially crafted URL with an '@' sign but empty user info and no hostname, when parsed with url-parse, will return the...
Unspecified Vulnerability in Mattermost Server (CNVD-2020-35446)
Mattermost Server is an open source messaging platform from the US company Mattermost. A security vulnerability exists in Mattermost Server, which can be exploited by an attacker to cause a denial of service (application crash) with the help of the @ character before the JavaScript fiel...
Ruby String#unpack Method Information Disclosure Vulnerability
Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Japanese software developer Yukihiro Matsumoto. An information disclosure vulnerability exists in the String#unpack method of Ruby, which stems from the program's failure to properly handle the '@'...
Buffer under-read in String#unpack
An attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure. String#unpack receives format specifiers as its parameter, and can be specified the positi...