CVE-2026-35453
PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.3 and earlier, 2.0.0 through 2.1.15, 2.2.0 through 2.4.4, 3.3.0 through 3.10.4, and 4.0.0 through 5.6.0, the HTML Writer skips htmlspecialchars output escaping when a cell uses a custom number format containin...
CVE-2026-35453 PhpSpreadsheet XSS via number format text substitution in HTML Writer
PhpSpreadsheet has XSS via NumberFormat @ Text Substitution in HTML Writer
Summary The HTML Writer in PhpSpreadsheet bypasses htmlspecialchars output escaping when a cell uses a custom number format containing the @ text placeholder with additional literal text e.g., @ "items" or "Total: "@. This allows an attacker to inject arbitrary HTML and JavaScript into the...
GHSA-QVC2-MG72-JJHX JustHTML Affected by Mutation XSS via Literal Text Serialization in Raw Text Elements (style/script)
Summary Sanitized DOM trees can be unsafe to serialize when a custom policy allows raw-text elements such as `<style>` or `<script>`. The issue affects DOM trees that are constructed or modified programmatically and then passed through sanitizedom with a policy that keeps these elements. Text nodes inside `<style>` and `<script>` are...