Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/05/06 8:22 p.m.8 views

CVE-2026-35453

PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.3 and earlier, 2.0.0 through 2.1.15, 2.2.0 through 2.4.4, 3.3.0 through 3.10.4, and 4.0.0 through 5.6.0, the HTML Writer skips htmlspecialchars output escaping when a cell uses a custom number format containin...

5.4CVSS6AI score0.00202EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/05 7:39 p.m.8 views

CVE-2026-35453 PhpSpreadsheet XSS via number format text substitution in HTML Writer

PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.3 and earlier, 2.0.0 through 2.1.15, 2.2.0 through 2.4.4, 3.3.0 through 3.10.4, and 4.0.0 through 5.6.0, the HTML Writer skips htmlspecialchars output escaping when a cell uses a custom number format containin...

4.8CVSS6AI score0.00202EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/04/28 10:50 p.m.14 views

PhpSpreadsheet has XSS via NumberFormat @ Text Substitution in HTML Writer

Summary The HTML Writer in PhpSpreadsheet bypasses htmlspecialchars output escaping when a cell uses a custom number format containing the @ text placeholder with additional literal text e.g., @ "items" or "Total: "@. This allows an attacker to inject arbitrary HTML and JavaScript into the...

5.4CVSS5.7AI score0.00202EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/03/18 8:19 p.m.6 views

GHSA-QVC2-MG72-JJHX JustHTML Affected by Mutation XSS via Literal Text Serialization in Raw Text Elements (style/script)

Summary Sanitized DOM trees can be unsafe to serialize when a custom policy allows raw-text elements such as or . The issue affects DOM trees that are constructed or modified programmatically and then passed through sanitizedom with a policy that keeps these elements. Text nodes inside and are...

5.3CVSS5.8AI score
Exploits0References2
Rows per page
Query Builder