Lucene search
K

344 matches found

Snyk
Snyk
added 2026/04/29 8:24 p.m.6 views

Cross-site Scripting (XSS)

Overview phpoffice/phpspreadsheet is a Spreadsheet engine that Read, Create and Write Spreadsheet documents in PHP . Affected versions of this package are vulnerable to Cross-site Scripting XSS through the readRowAttributes process. An attacker can exhaust CPU and memory resources by submitting a...

8.7CVSS5.5AI score0.00395EPSS
Exploits1References2
OSV
OSV
added 2026/04/29 8:23 p.m.9 views

GHSA-84WQ-86V6-X5J6 PhpSpreadsheet has CPU Denial of Service via Unbounded Row Index in SpreadsheetML XML Reader

Summary The SpreadsheetML XML reader Reader\Xml does not validate the ss:Index row attribute against the maximum allowed row count AddressRange::MAXROW = 1,048,576. An attacker can craft a SpreadsheetML XML file with ss:Index="999999999" on a element, which inflates the internal cachedHighestRow ...

7.5CVSS5.8AI score0.00395EPSS
Exploits1References3
Snyk
Snyk
added 2026/04/29 8:23 p.m.5 views

Cross-site Scripting (XSS)

Overview phpoffice/phpspreadsheet is a Spreadsheet engine that Read, Create and Write Spreadsheet documents in PHP . Affected versions of this package are vulnerable to Cross-site Scripting XSS through the Reader\Xml process when processing SpreadsheetML XML files containing a crafted ss:Index...

8.7CVSS5.5AI score0.00395EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/04/29 8:23 p.m.9 views

PhpSpreadsheet has CPU Denial of Service via Unbounded Row Index in SpreadsheetML XML Reader

Summary The SpreadsheetML XML reader Reader\Xml does not validate the ss:Index row attribute against the maximum allowed row count AddressRange::MAXROW = 1,048,576. An attacker can craft a SpreadsheetML XML file with ss:Index="999999999" on a element, which inflates the internal cachedHighestRow ...

7.5CVSS5.6AI score0.00395EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/04/29 8:22 p.m.5 views

GHSA-Q4Q6-R8WH-5CGH PhpSpreadsheet has SSRF/RCE in IOFactory::load when $filename is user controlled

The usage of isfile, used to verify if the $filename is indeed an actual file, by all? Reader implementations inside the helper function File::assertFile is php-wrapper aware, for any php wrappers implementing stat. The 3 wrappers ftp://, phar:// and ssh2.sftp://, all satisfy this requirement - 2...

9.2CVSS5.8AI score0.00712EPSS
Exploits1References4
Snyk
Snyk
added 2026/04/29 8:22 p.m.5 views

Server-side Request Forgery (SSRF)

Overview phpoffice/phpspreadsheet is a Spreadsheet engine that Read, Create and Write Spreadsheet documents in PHP . Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the IOFactory::load function. An attacker can execute arbitrary code or initiate unauthoriz...

10CVSS6.2AI score0.00712EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/04/29 8:22 p.m.8 views

PhpSpreadsheet has SSRF/RCE in IOFactory::load when $filename is user controlled

The usage of isfile, used to verify if the $filename is indeed an actual file, by all? Reader implementations inside the helper function File::assertFile is php-wrapper aware, for any php wrappers implementing stat. The 3 wrappers ftp://, phar:// and ssh2.sftp://, all satisfy this requirement - 2...

9.8CVSS5.7AI score0.00712EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.17 views

PT-2026-37105

Name of the Vulnerable Software and Affected Versions PhpSpreadsheet versions prior to 1.30.4 PhpSpreadsheet versions prior to 2.1.16 PhpSpreadsheet versions prior to 2.4.5 PhpSpreadsheet versions prior to 3.10.5 PhpSpreadsheet versions prior to 5.7.0 Description The SpreadsheetML XML reader...

7.5CVSS5.8AI score0.00395EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.12 views

PT-2026-37107

Name of the Vulnerable Software and Affected Versions PhpSpreadsheet versions prior to 1.30.4 PhpSpreadsheet versions prior to 2.1.16 PhpSpreadsheet versions prior to 2.4.5 PhpSpreadsheet versions prior to 3.10.5 PhpSpreadsheet versions prior to 5.7.0 Description The XLSX reader's...

7.5CVSS5.8AI score0.00395EPSS
Exploits1References4
Circl
Circl
added 2026/04/28 11:50 p.m.9 views

CVE-2026-40863

creationtimestamp| type| source ---|---|--- 2026-04-28 23:50:56+00:00| published-proof-of-concept| https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-84wq-86v6-x5j6...

7.5CVSS5.8AI score0.00395EPSS
Exploits1References1
Circl
Circl
added 2026/04/28 11:49 p.m.10 views

CVE-2026-40902

creationtimestamp| type| source ---|---|--- 2026-04-28 23:49:04+00:00| published-proof-of-concept| https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-7c6m-4442-2x6m...

7.5CVSS5.8AI score0.00395EPSS
Exploits1References1
OSV
OSV
added 2026/04/28 10:57 p.m.13 views

GHSA-HRMW-QPRP-WGMC PhpSpreadsheet has XSS via number format code with @ text placeholder bypasses htmlspecialchars in HTML writer

It was discovered that there is a way to bypass HTML escaping in the HTML writer using custom number format codes. The Problem In Writer/Html.php around line 1592, the code checks if the formatted cell data equals the original data to decide whether to apply htmlspecialchars: php if $cellData ===...

5.4CVSS5.9AI score0.00225EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/04/28 10:57 p.m.18 views

PhpSpreadsheet has XSS via number format code with @ text placeholder bypasses htmlspecialchars in HTML writer

It was discovered that there is a way to bypass HTML escaping in the HTML writer using custom number format codes. The Problem In Writer/Html.php around line 1592, the code checks if the formatted cell data equals the original data to decide whether to apply htmlspecialchars: php if $cellData ===...

5.4CVSS5.5AI score0.00225EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/04/28 10:50 p.m.5 views

GHSA-6WPP-88CP-7Q68 PhpSpreadsheet has XSS via NumberFormat @ Text Substitution in HTML Writer

Summary The HTML Writer in PhpSpreadsheet bypasses htmlspecialchars output escaping when a cell uses a custom number format containing the @ text placeholder with additional literal text e.g., @ "items" or "Total: "@. This allows an attacker to inject arbitrary HTML and JavaScript into the...

5.3CVSS6AI score0.00202EPSS
Exploits1References3
Snyk
Snyk
added 2026/04/28 10:50 p.m.7 views

Cross-site Scripting (XSS)

Overview phpoffice/phpspreadsheet is a Spreadsheet engine that Read, Create and Write Spreadsheet documents in PHP . Affected versions of this package are vulnerable to Cross-site Scripting XSS in the HTML generation process when a cell uses a custom number format containing the @ text placeholde...

5.4CVSS5.8AI score0.00202EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.10 views

PT-2026-35878

Name of the Vulnerable Software and Affected Versions PhpSpreadsheet affected versions not specified Description An HTML escaping bypass allows for Cross-Site Scripting XSS, a technique where malicious scripts are injected into otherwise trusted websites. Recommendations At the moment, there is n...

5.4CVSS5.1AI score0.00225EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.10 views

PT-2026-35931

Name of the Vulnerable Software and Affected Versions PhpSpreadsheet versions prior to 1.30.4 PhpSpreadsheet versions 2.0.0 through 2.1.15 PhpSpreadsheet versions 2.2.0 through 2.4.4 PhpSpreadsheet versions 3.3.0 through 3.10.4 PhpSpreadsheet versions 4.0.0 through 5.6.0 Description The HTML Writ...

5.4CVSS5.9AI score0.00202EPSS
Exploits1References9
OSV
OSV
added 2026/01/15 10:40 p.m.3 views

GHSA-44JG-MV3H-WJ6G solspace/craft-freeform Vulnerable to XSS in `PhpSpreadsheet` HTML Writer Due to Unsanitized Styling Data

Summary Short summary of the problem. Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. \PhpOffice\PhpSpreadsheet\Writer\Html doesn't sanitize spreadsheet styling...

4.8CVSS6.3AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/01/15 10:40 p.m.9 views

solspace/craft-freeform Vulnerable to XSS in `PhpSpreadsheet` HTML Writer Due to Unsanitized Styling Data

Summary Short summary of the problem. Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. \PhpOffice\PhpSpreadsheet\Writer\Html doesn't sanitize spreadsheet styling...

7.8AI score
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 9:17 a.m.24 views

CVE-2025-23210

phpoffice/phpspreadsheet is a pure PHP library for reading and writing spreadsheet files. Affected versions have been found to have a Bypass of the Cross-site Scripting XSS sanitizer using the javascript protocol and special characters. This issue has been addressed in versions 3.9.0, 2.3.7, 2.1....

4.8CVSS6.1AI score0.00403EPSS
Exploits0References1
Rows per page
Query Builder