Lucene search
K

344 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 6:57 a.m.6 views

CVE-2024-56411

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have a cross-site scripting XSS vulnerability of the hyperlink base in the HTML page header. The HTML page is formed without sanitizing the hyperlink base. Versions 3.7.0,...

5.4CVSS5.6AI score0.00352EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/20 11:15 p.m.8 views

CVE-2024-56408

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have no sanitization in the /vendor/phpoffice/phpspreadsheet/samples/Engineering/Convert-Online.php file, which leads to the possibility of a cross-site scripting attack...

8.3CVSS6.3AI score0.00395EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2025/02/17 12:0 a.m.10 views

The vulnerability of the generateNavigation() function in the PHP Spreadsheet library, which allows attackers to perform cross-site scripting attacks

The vulnerability of the generateNavigation function in the PhpSpreadsheet PHP library is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability could allow a remote attacker to perform cross-site scripting attacks...

5CVSS5.3AI score0.00371EPSS
Exploits4References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 8:28 a.m.15 views

CVE-2024-47873

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, prior to versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0, the regexes used in the scan method and the findCharSet method can be bypassed by using...

7.5CVSS6.5AI score0.0076EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 3:43 a.m.7 views

CVE-2024-45293

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The security scanner responsible for preventing XXE attacks in the XLSX reader can be bypassed by slightly modifying the XML structure, utilizing white-spaces. On servers that allow users to upload their own Excel XLS...

7.5CVSS7.3AI score0.02859EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 3:42 a.m.10 views

CVE-2024-45060

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. One of the sample scripts in PhpSpreadsheet is susceptible to a cross-site scripting XSS vulnerability due to improper handling of input where a number is expected leading to formula injection. The code in in...

7.1CVSS6.1AI score0.00466EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 3:39 a.m.4 views

CVE-2024-45048

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Affected versions are subject to a bypassing of a filter which allows for an XXE-attack. This in turn allows attacker to obtain contents of local files, even if error reporting is muted. This vulnerability has been...

8.8CVSS6.4AI score0.0057EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 3:30 a.m.7 views

CVE-2024-45290

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file which links media from external URLs. When opening the XLSX file, PhpSpreadsheet retrieves the image size and type by reading the file contents, if the provided...

7.7CVSS6.5AI score0.00579EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/04 11:35 p.m.18 views

CVE-2024-48917

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, in a bypass of the previously reported CVE-2024-47873, the regexes from the findCharSet method, which is used for determining the current...

7.5CVSS6.5AI score0.0076EPSS
Exploits2
Veracode
Veracode
added 2025/02/04 4:26 a.m.12 views

Cross-Site Scripting (XSS)

PhpSpreadsheet is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of user input, allowing the use of the JavaScript protocol and special characters to bypass the XSS filter...

4.8CVSS5.7AI score0.00403EPSS
Exploits0References4Affected Software2
NVD
NVD
added 2025/02/03 10:15 p.m.68 views

CVE-2025-23210

phpoffice/phpspreadsheet is a pure PHP library for reading and writing spreadsheet files. Affected versions have been found to have a Bypass of the Cross-site Scripting XSS sanitizer using the javascript protocol and special characters. This issue has been addressed in versions 3.9.0, 2.3.7, 2.1....

4.8CVSS0.00403EPSS
Exploits0References2
OSV
OSV
added 2025/02/03 9:14 p.m.24 views

CVE-2025-23210 Bypass XSS sanitizer using the javascript protocol and special characters in phpoffice/phpspreadsheet

phpoffice/phpspreadsheet is a pure PHP library for reading and writing spreadsheet files. Affected versions have been found to have a Bypass of the Cross-site Scripting XSS sanitizer using the javascript protocol and special characters. This issue has been addressed in versions 3.9.0, 2.3.7, 2.1....

4.8CVSS6.2AI score0.00403EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/02/03 9:14 p.m.78 views

CVE-2025-23210 Bypass XSS sanitizer using the javascript protocol and special characters in phpoffice/phpspreadsheet

phpoffice/phpspreadsheet is a pure PHP library for reading and writing spreadsheet files. Affected versions have been found to have a Bypass of the Cross-site Scripting XSS sanitizer using the javascript protocol and special characters. This issue has been addressed in versions 3.9.0, 2.3.7, 2.1....

4.8CVSS0.00403EPSS
Exploits0References2
CVE
CVE
added 2025/02/03 9:14 p.m.82 views

CVE-2025-23210

CVE-2025-23210 affects the PHPSpreadsheet library. Affected versions allow bypassing the XSS sanitizer when processing XML input, enabling execution of attacker-controlled JavaScript in the browser upon rendering HTML. The issue is fixed in PhpSpreadsheet versions 3.9.0, 2.3.7, 2.1.8, and 1.29.9;...

4.8CVSS6AI score0.00403EPSS
Exploits0References2
Snyk
Snyk
added 2025/02/03 3:39 p.m.2 views

Cross-site Scripting (XSS)

Overview phpoffice/phpspreadsheet is a Spreadsheet engine that Read, Create and Write Spreadsheet documents in PHP . Affected versions of this package are vulnerable to Cross-site Scripting XSS through the generateRow method. An attacker can execute arbitrary JavaScript code in the user's browser...

5.4CVSS5.5AI score0.00403EPSS
Exploits0References2
OSV
OSV
added 2025/02/03 3:39 p.m.22 views

GHSA-R57H-547H-W24F PhpSpreadsheet allows bypassing of XSS sanitizer using the javascript protocol and special characters

Product: PhpSpreadsheet Version: 3.8.0 CWE-ID: CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' CVSS vector v.3.1: 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS vector v.4.0: 4.8 AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N Description: an attack...

5.4CVSS5.7AI score0.00403EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/02/03 3:39 p.m.25 views

PhpSpreadsheet allows bypassing of XSS sanitizer using the javascript protocol and special characters

Product: PhpSpreadsheet Version: 3.8.0 CWE-ID: CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' CVSS vector v.3.1: 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS vector v.4.0: 4.8 AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N Description: an attack...

4.8CVSS5.8AI score0.00403EPSS
Exploits0References4Affected Software2
CNNVD
CNNVD
added 2025/02/03 12:0 a.m.3 views

PhpSpreadsheet 跨站脚本漏洞

PhpSpreadsheet is an open source PHP library from PHPOffice for reading and writing spreadsheet files. A cross-site scripting vulnerability exists in PhpSpreadsheet that stems from the use of javascript protocols and special characters to bypass cross-site scripting XSS cleaners...

4.8CVSS5.8AI score0.00403EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/02/03 12:0 a.m.6 views

PT-2025-4849 · Phpoffice · Phpspreadsheet

Name of the Vulnerable Software and Affected Versions: phpoffice/phpspreadsheet versions prior to 1.29.9 phpoffice/phpspreadsheet versions prior to 2.1.8 phpoffice/phpspreadsheet versions prior to 2.3.7 phpoffice/phpspreadsheet versions prior to 3.9.0 Description: The issue is related to a bypass...

5.4CVSS6.2AI score0.00403EPSS
Exploits0References9
Veracode
Veracode
added 2025/01/27 5:46 a.m.9 views

Cross-Site Scripting (XSS)

PhpSpreadsheet is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization or escaping of user input when converting XLSX files into HTML, allows malicious scripts to be embedded in the file content and executed in the context of the user's browser...

6.1CVSS6.1AI score0.00371EPSS
Exploits4References4Affected Software2
Rows per page
Query Builder