71 matches found
CVE-2025-23210
phpoffice/phpspreadsheet is a pure PHP library for reading and writing spreadsheet files. Affected versions have been found to have a Bypass of the Cross-site Scripting XSS sanitizer using the javascript protocol and special characters. This issue has been addressed in versions 3.9.0, 2.3.7, 2.1....
EUVD-2021-0945
Malware in sbrugna...
EUVD-2025-16521
Malicious code in bioql PyPI...
EUVD-2022-1937
Malicious code in bioql PyPI...
Exploit for Cross-site Scripting in Phpoffice Phpspreadsheet
CVE-2025-22131 POC CVE-2025...
XML External Entity (XXE) Injection
PHPOffice/math is vulnerable to XML External Entity XXE injection. The vulnerability is due to improper XML parsing using the LIBXMLDTDLOAD flag without filtering, allowing external entity resolution when loading XML data...
CVE-2025-48882
PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version 0.3.0, loading XML data using the standard libxml extension and the LIBXMLDTDLOAD flag without additional filtration, leads to XXE. Version 0.3.0 fixes the vulnerability...
XML External Entity (XXE) Injection
Overview phpoffice/math is a Math - Manipulate Math Formula Affected versions of this package are vulnerable to XML External Entity XXE Injection via the libxml extension and the LIBXMLDTDLOAD flag. An attacker can extract sensitive data or cause a denial of service by sending specially crafted X...
CVE-2025-48882
PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version 0.3.0, loading XML data using the standard libxml extension and the LIBXMLDTDLOAD flag without additional filtration, leads to XXE. Version 0.3.0 fixes the vulnerability...
CVE-2025-48882
PHPOffice Math prior to 0.3.0 is vulnerable to XML External Entity (XXE) injection when loading XML data with LIBXML_DTDLOAD (e.g., MathML parsing). The vulnerability allows an attacker to read local files or cause denial of service via crafted XML; the issue is fixed in 0.3.0. Remediation: upgra...
CVE-2025-48882 PHPOffice Math allows XXE when processing an XML file in the MathML format
PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version 0.3.0, loading XML data using the standard libxml extension and the LIBXMLDTDLOAD flag without additional filtration, leads to XXE. Version 0.3.0 fixes the vulnerability...
CVE-2025-48882 PHPOffice Math allows XXE when processing an XML file in the MathML format
PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version 0.3.0, loading XML data using the standard libxml extension and the LIBXMLDTDLOAD flag without additional filtration, leads to XXE. Version 0.3.0 fixes the vulnerability...
CVE-2025-48882 PHPOffice Math allows XXE when processing an XML file in the MathML format
PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version 0.3.0, loading XML data using the standard libxml extension and the LIBXMLDTDLOAD flag without additional filtration, leads to XXE. Version 0.3.0 fixes the vulnerability...
Math 代码问题漏洞
Math is an open source math plugin for PHPOffice. A code issue vulnerability exists in versions of Math prior to 0.3.0 that stems from unfiltered XML data being loaded, which could lead to an XXE attack...
PHPOffice Math allows XXE when processing an XML file in the MathML format
Product: Math Version: 0.2.0 CWE-ID: CWE-611: Improper Restriction of XML External Entity Reference CVSS vector v.4.0: 8.7 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS vector v.3.1: 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Description: An attacker can create a special XML file, duri...
PT-2025-23222 · Phpoffice · Phpoffice Math
Name of the Vulnerable Software and Affected Versions: PHPOffice Math versions prior to 0.3.0 Description: The issue allows an attacker to create a special XML file that, when processed, loads external entities, enabling the reading of local server files. This is due to the use of the libxml...
CVE-2025-23210
CVE-2025-23210 affects the PHPSpreadsheet library. Affected versions allow bypassing the XSS sanitizer when processing XML input, enabling execution of attacker-controlled JavaScript in the browser upon rendering HTML. The issue is fixed in PhpSpreadsheet versions 3.9.0, 2.3.7, 2.1.8, and 1.29.9;...
CVE-2025-23210 Bypass XSS sanitizer using the javascript protocol and special characters in phpoffice/phpspreadsheet
phpoffice/phpspreadsheet is a pure PHP library for reading and writing spreadsheet files. Affected versions have been found to have a Bypass of the Cross-site Scripting XSS sanitizer using the javascript protocol and special characters. This issue has been addressed in versions 3.9.0, 2.3.7, 2.1....
CVE-2025-23210 Bypass XSS sanitizer using the javascript protocol and special characters in phpoffice/phpspreadsheet
phpoffice/phpspreadsheet is a pure PHP library for reading and writing spreadsheet files. Affected versions have been found to have a Bypass of the Cross-site Scripting XSS sanitizer using the javascript protocol and special characters. This issue has been addressed in versions 3.9.0, 2.3.7, 2.1....
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through the generateRow method. An attacker can execute arbitrary JavaScript code in the user's browser by crafting a malicious XML file that bypasses the XSS sanitizer when processed and rendered as HTML...