9 matches found
EUVD-2025-0021
Malicious code in bioql PyPI...
CVE-2024-56366
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the Accounting.php file. Using the...
Reflected Cross-Site Scripting (Reflected XSS)
phpoffice/phpspreadsheet is vulnerable to Reflected Cross-Site Scripting Reflected XSS. The vulnerability is due to insufficient input sanitization in the Accounting.php file, which allows an attacker to inject malicious scripts...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through the Accounting.php file due to improper sanitization of the currency parameter. An attacker can execute arbitrary JavaScript code in the user's browser by crafting malicious input that is improperly...
Cross-site Scripting (XSS)
Overview phpoffice/phpspreadsheet is a Spreadsheet engine that Read, Create and Write Spreadsheet documents in PHP . Affected versions of this package are vulnerable to Cross-site Scripting XSS through the Accounting.php file due to improper sanitization of the currency parameter. An attacker can...
CVE-2024-56366
PhpSpreadsheet contains an unauthorized reflected XSS in Accounting.php via the currency parameter. Affected versions are prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7. The vulnerability can be triggered using the samples/Wizards/NumberFormat/Accounting.php script (PoC shown in the referenced material...
CVE-2024-56366 PhpSpreadsheet vulnerable to unauthorized reflected XSS in the Accounting.php file
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the Accounting.php file. Using the...
CVE-2024-56366 PhpSpreadsheet vulnerable to unauthorized reflected XSS in the Accounting.php file
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the Accounting.php file. Using the...
PT-2024-10176 · Phpoffice · Phpspreadsheet
Name of the Vulnerable Software and Affected Versions: PhpSpreadsheet versions prior to 3.7.0 PhpSpreadsheet versions prior to 2.3.5 PhpSpreadsheet versions prior to 2.1.6 PhpSpreadsheet versions prior to 1.29.7 Description: The issue is related to unauthorized reflected cross-site scripting in t...