11 matches found
EUVD-2025-16521
Malicious code in bioql PyPI...
XML External Entity (XXE) Injection
PHPOffice/math is vulnerable to XML External Entity XXE injection. The vulnerability is due to improper XML parsing using the LIBXMLDTDLOAD flag without filtering, allowing external entity resolution when loading XML data...
CVE-2025-48882
PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version 0.3.0, loading XML data using the standard libxml extension and the LIBXMLDTDLOAD flag without additional filtration, leads to XXE. Version 0.3.0 fixes the vulnerability...
XML External Entity (XXE) Injection
Overview phpoffice/math is a Math - Manipulate Math Formula Affected versions of this package are vulnerable to XML External Entity XXE Injection via the libxml extension and the LIBXMLDTDLOAD flag. An attacker can extract sensitive data or cause a denial of service by sending specially crafted X...
CVE-2025-48882
PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version 0.3.0, loading XML data using the standard libxml extension and the LIBXMLDTDLOAD flag without additional filtration, leads to XXE. Version 0.3.0 fixes the vulnerability...
CVE-2025-48882
PHPOffice Math prior to 0.3.0 is vulnerable to XML External Entity (XXE) injection when loading XML data with LIBXML_DTDLOAD (e.g., MathML parsing). The vulnerability allows an attacker to read local files or cause denial of service via crafted XML; the issue is fixed in 0.3.0. Remediation: upgra...
CVE-2025-48882 PHPOffice Math allows XXE when processing an XML file in the MathML format
PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version 0.3.0, loading XML data using the standard libxml extension and the LIBXMLDTDLOAD flag without additional filtration, leads to XXE. Version 0.3.0 fixes the vulnerability...
CVE-2025-48882 PHPOffice Math allows XXE when processing an XML file in the MathML format
PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version 0.3.0, loading XML data using the standard libxml extension and the LIBXMLDTDLOAD flag without additional filtration, leads to XXE. Version 0.3.0 fixes the vulnerability...
CVE-2025-48882 PHPOffice Math allows XXE when processing an XML file in the MathML format
PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version 0.3.0, loading XML data using the standard libxml extension and the LIBXMLDTDLOAD flag without additional filtration, leads to XXE. Version 0.3.0 fixes the vulnerability...
PHPOffice Math allows XXE when processing an XML file in the MathML format
Product: Math Version: 0.2.0 CWE-ID: CWE-611: Improper Restriction of XML External Entity Reference CVSS vector v.4.0: 8.7 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS vector v.3.1: 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Description: An attacker can create a special XML file, duri...
PT-2025-23222 · Phpoffice · Phpoffice Math
Name of the Vulnerable Software and Affected Versions: PHPOffice Math versions prior to 0.3.0 Description: The issue allows an attacker to create a special XML file that, when processed, loads external entities, enabling the reading of local server files. This is due to the use of the libxml...