2 matches found
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to missing sanitization of the spreadsheet styling information, via the \PhpOffice\PhpSpreadsheet\Writer\Html component. PoC: php loadDIR . '/book.xlsx'; $writer = new...
PT-2024-31397 · Phpoffice · Phpspreadsheet
Name of the Vulnerable Software and Affected Versions: PHPSpreadsheet versions prior to 2.1.0. Description: The issue concerns the \PhpOffice\PhpSpreadsheet\Writer\Html component, which fails to sanitize spreadsheet styling information, such as font names. This allows an attacker to inject arbitrary...