347 matches found
solspace/craft-freeform Vulnerable to XSS in `PhpSpreadsheet` HTML Writer Due to Unsanitized Styling Data
Summary Short summary of the problem. Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. \PhpOffice\PhpSpreadsheet\Writer\Html doesn't sanitize spreadsheet styling...
GHSA-44JG-MV3H-WJ6G solspace/craft-freeform Vulnerable to XSS in `PhpSpreadsheet` HTML Writer Due to Unsanitized Styling Data
Summary Short summary of the problem. Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. \PhpOffice\PhpSpreadsheet\Writer\Html doesn't sanitize spreadsheet styling...
CVE-2025-23210
phpoffice/phpspreadsheet is a pure PHP library for reading and writing spreadsheet files. Affected versions have been found to have a Bypass of the Cross-site Scripting XSS sanitizer using the javascript protocol and special characters. This issue has been addressed in versions 3.9.0, 2.3.7, 2.1....
Exploit for CVE-2024-45427
CVE-2024-45427 Exploit Generator This script generates a malic...
PT-2026-1691
Name of the Vulnerable Software and Affected Versions PhpSpreadsheet affected versions not specified Description A stored cross-site scripting XSS issue exists in PhpSpreadsheet. Exploit code has been released for this issue. The vulnerability allows for the injection of malicious scripts into we...
CVE-2025-58051
Nextcloud Tables allows you to create your own tables with individual columns. Prior 0.7.6, 0.8.8, and 0.9.5, when importing a table, a user was able to specify files on the server and when their format is supported by the used PhpSpreadsheet library they would be included and their content leake...
CVE-2025-58051 Nextcloud Tables app allowed to include local file via PhpSpreadsheet when importing a table
Nextcloud Tables allows you to create your own tables with individual columns. Prior 0.7.6, 0.8.8, and 0.9.5, when importing a table, a user was able to specify files on the server and when their format is supported by the used PhpSpreadsheet library they would be included and their content leake...
CVE-2025-58051 Nextcloud Tables app allowed to include local file via PhpSpreadsheet when importing a table
Nextcloud Tables allows you to create your own tables with individual columns. Prior 0.7.6, 0.8.8, and 0.9.5, when importing a table, a user was able to specify files on the server and when their format is supported by the used PhpSpreadsheet library they would be included and their content leake...
EUVD-2025-34797
Nextcloud Tables allows you to create your own tables with individual columns. Prior 0.7.6, 0.8.8, and 0.9.5, when importing a table, a user was able to specify files on the server and when their format is supported by the used PhpSpreadsheet library they would be included and their content leake...
CVE-2025-58051 Nextcloud Tables app allowed to include local file via PhpSpreadsheet when importing a table
Nextcloud Tables allows you to create your own tables with individual columns. Prior 0.7.6, 0.8.8, and 0.9.5, when importing a table, a user was able to specify files on the server and when their format is supported by the used PhpSpreadsheet library they would be included and their content leake...
Tables app allowed to include local file via PhpSpreadsheet when importing a table
None...
EUVD-2021-0945
Malware in sbrugna...
EUVD-2019-0766
Malware in sbrugna...
EUVD-2025-0028
Malicious code in bioql PyPI...
EUVD-2025-0039
Malicious code in bioql PyPI...
EUVD-2025-0027
Malicious code in bioql PyPI...
EUVD-2025-0053
Malicious code in bioql PyPI...
EUVD-2024-2584
Malicious code in bioql PyPI...
EUVD-2025-0033
Malicious code in bioql PyPI...
EUVD-2024-3153
Malicious code in bioql PyPI...