10 matches found
EUVD-2025-34797
Nextcloud Tables allows you to create your own tables with individual columns. Prior 0.7.6, 0.8.8, and 0.9.5, when importing a table, a user was able to specify files on the server and when their format is supported by the used PhpSpreadsheet library they would be included and their content leake...
EUVD-2025-0027
Malicious code in bioql PyPI...
Nextcloud: Path Traversal Vulnerability in Nextcloud Tables Enables Arbitrary File Exfiltration of Any Files Supported by PhpSpreadsheet Library
A path traversal vulnerability was discovered in Nextcloud Tables. This vulnerability allowed the exfiltration of any files supported by the PhpSpreadsheet library...
CVE-2024-56408
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have no sanitization in the /vendor/phpoffice/phpspreadsheet/samples/Engineering/Convert-Online.php file, which leads to the possibility of a cross-site scripting attack...
CVE-2024-45060
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. One of the sample scripts in PhpSpreadsheet is susceptible to a cross-site scripting XSS vulnerability due to improper handling of input where a number is expected leading to formula injection. The code in in...
CVE-2025-22131 Cross-Site Scripting (XSS) vulnerability in generateNavigation() function
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Cross-Site Scripting XSS vulnerability in the code which translates the XLSX file into a HTML representation and displays it in the response...
CVE-2024-56366
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the Accounting.php file. Using the...
PhpSpreadsheet < 1.5.0 - XML External Entity (XXE) Vulnerability
Exploit for php platform in category web applications Product Description PhpSpreadsheet is a library written in pure PHP that provides a set of classes allowing users to read from and write to different spreadsheet file formats, such as Excel and LibreOffice Calc. Vulnerabilities List One...
PhpSpreadsheet 1.5.0 - XML External Entity (XXE)
PhpSpreadsheet 1.5.0 - XML External Entity XXE Product Description PhpSpreadsheet is a library written in pure PHP that provides a set of classes allowing users to read from and write to different spreadsheet file formats, such as Excel and LibreOffice Calc. Vulnerabilities List One vulnerability...
PhpSpreadsheet < 1.5.0 - XML External Entity (XXE)
Product Description PhpSpreadsheet is a library written in pure PHP that provides a set of classes allowing users to read from and write to different spreadsheet file formats, such as Excel and LibreOffice Calc. Vulnerabilities List One vulnerability was identified within the PhpSpreadsheet...