10 matches found
EUVD-2025-0021
Malicious code in bioql PyPI...
CVE-2024-56366
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the Accounting.php file. Using the...
Vulnerability of the Accounting.php script (/phpoffice/phpspreadsheet/samples/Wizards/NumberFormat/Accounting.php) in the PhpSpreadsheet library, which allows attackers to perform cross-site scripting attacks.
The vulnerability in the Accounting.php script /phpoffice/phpspreadsheet/samples/Wizards/NumberFormat/Accounting.php of the PhpSpreadsheet library is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows an attacker to perform cross-site...
Reflected Cross-Site Scripting (Reflected XSS)
phpoffice/phpspreadsheet is vulnerable to Reflected Cross-Site Scripting (Reflected XSS). The vulnerability is due to insufficient input sanitization in the Accounting.php file, which allows an attacker to inject malicious scripts...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the Accounting.php file due to improper sanitization of the currency parameter. An attacker can execute arbitrary JavaScript code in the user's browser by crafting malicious input that is improperly...
Cross-site Scripting (XSS)
Overview: phpoffice/phpspreadsheet is a Spreadsheet engine that Read, Create and Write Spreadsheet documents in PHP. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the Accounting.php file due to improper sanitization of the currency parameter. An attacker can...
CVE-2024-56366 PhpSpreadsheet vulnerable to unauthorized reflected XSS in the Accounting.php file
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the Accounting.php file. Using the...
CVE-2024-56366 PhpSpreadsheet vulnerable to unauthorized reflected XSS in the Accounting.php file
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the Accounting.php file. Using the...
CVE-2024-56366
PhpSpreadsheet contains an unauthorized reflected XSS in Accounting.php via the currency parameter. Affected versions are prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7. The vulnerability can be triggered using the samples/Wizards/NumberFormat/Accounting.php script (PoC shown in the referenced material...
PT-2024-10176 · Phpoffice · Phpspreadsheet
Name of the Vulnerable Software and Affected Versions: PhpSpreadsheet versions prior to 3.7.0; PhpSpreadsheet versions prior to 2.3.5; PhpSpreadsheet versions prior to 2.1.6; PhpSpreadsheet versions prior to 1.29.7. Description: The issue is related to unauthorized reflected cross-site scripting in t...