Lucene search
K

221 matches found

RedhatCVE
RedhatCVE
added 2025/02/04 11:35 p.m.18 views

CVE-2024-48917

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, in a bypass of the previously reported CVE-2024-47873, the regexes from the findCharSet method, which is used for determining the current...

7.5CVSS6.5AI score0.0076EPSS
Exploits2
Snyk
Snyk
added 2024/11/18 8:42 p.m.3 views

XML External Entity (XXE) Injection

Overview phpoffice/phpspreadsheet is a Spreadsheet engine that Read, Create and Write Spreadsheet documents in PHP . Affected versions of this package are vulnerable to XML External Entity XXE Injection via the scan method in the XmlScanner class. Exploiting this vulnerability is possible when...

8.7CVSS7.6AI score0.00718EPSS
Exploits1References2
NVD
NVD
added 2024/11/18 8:15 p.m.29 views

CVE-2024-48917

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, in a bypass of the previously reported CVE-2024-47873, the regexes from the findCharSet method, which is used for determining the current...

7.5CVSS0.00718EPSS
Exploits1References3
OSV
OSV
added 2024/11/18 8:1 p.m.35 views

GHSA-7CC9-J4MV-VCJP XXE in PHPSpreadsheet's XLSX reader

Summary The XmlScanner class has a scan method which should prevent XXE attacks. However, we found another bypass than the previously reported CVE-2024-47873, the regexes from the findCharSet method, which is used for determining the current encoding can be bypassed by using a payload in the...

7.5CVSS7.5AI score0.00718EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2024/11/18 7:48 p.m.38 views

CVE-2024-48917 XXE in PHPSpreadsheet's XLSX reader

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, in a bypass of the previously reported CVE-2024-47873, the regexes from the findCharSet method, which is used for determining the current...

7.5CVSS7.3AI score0.00718EPSS
Exploits1References3
CVE
CVE
added 2024/11/18 7:48 p.m.68 views

CVE-2024-48917

CVE-2024-48917 (PhpSpreadsheet XXE bypass) : The XmlScanner in PhpSpreadsheet can be bypassed via the encoding detection logic (findCharSet) when processing XML with UTF-7 payloads, allowing an XML External Entity attack. A comment injection at the end of the file encoding tag (e.g., encoding="UT...

7.5CVSS7.5AI score0.00718EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2024/10/07 8:15 p.m.25 views

CVE-2024-45293

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The security scanner responsible for preventing XXE attacks in the XLSX reader can be bypassed by slightly modifying the XML structure, utilizing white-spaces. On servers that allow users to upload their own Excel XLS...

7.5CVSS0.02859EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2021/11/01 12:0 a.m.23 views

Python < 2.5.6, 2.6.x < 2.6.7, 2.7.x < 2.7.2, 3.2.x < 3.2.4, 3.3.x < 3.3.1 SimpleHTTPServer UTF-7 (bpo-11442) - Linux

Python is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...

2.6CVSS5.4AI score0.03213EPSS
Exploits1References2
OSV
OSV
added 2019/11/20 1:39 a.m.56 views

GHSA-VVWV-H69M-WG6F XXE in PHPSpreadsheet due to incomplete fix for previous encoding issue

PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. The XmlScanner decodes the sheet1.xml from an .xlsx to utf-8 if something else than UTF-8 is declared in the header. This was a security measurement to prevent CVE-2018-19277 but the fix is not sufficient. By double-encoding the the xml...

8.8CVSS8.5AI score0.0135EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2019/11/20 1:39 a.m.60 views

XXE in PHPSpreadsheet due to incomplete fix for previous encoding issue

PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. The XmlScanner decodes the sheet1.xml from an .xlsx to utf-8 if something else than UTF-8 is declared in the header. This was a security measurement to prevent CVE-2018-19277 but the fix is not sufficient. By double-encoding the the xml...

8.8CVSS1.5AI score0.0135EPSS
Exploits1References8Affected Software2
OSV
OSV
added 2019/11/20 1:38 a.m.27 views

GHSA-XCRG-29H7-H4CJ XXE in PHPSpreadsheet due to encoding issue

securityScan in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file...

8.8CVSS8.6AI score0.07791EPSS
Exploits4References12
Github Security Blog
Github Security Blog
added 2019/11/20 1:38 a.m.71 views

XXE in PHPSpreadsheet due to encoding issue

securityScan in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file...

8.8CVSS3.1AI score0.07791EPSS
Exploits4References12Affected Software2
Veracode
Veracode
added 2019/11/08 3:24 a.m.26 views

XML External Entity (XXE)

PHPOffice PhpSpreadsheet is vulnerable to XXE. The fix to prevent CVE-2018-19277 was not sufficient to protect against the previous vulnerability. An attacker is able to bypass the mitigation by double-encoding the the XML payload into utf-7 and bypass the check for the string ?!ENTITY?...

8.8CVSS2.4AI score0.07791EPSS
Exploits5References4Affected Software1
NVD
NVD
added 2019/11/07 3:15 p.m.32 views

CVE-2019-12331

PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. The XmlScanner decodes the sheet1.xml from an .xlsx to utf-8 if something else than UTF-8 is declared in the header. This was a security measurement to prevent CVE-2018-19277 but the fix is not sufficient. By double-encoding the the xml...

8.8CVSS8.7AI score0.0135EPSS
Exploits1References2
OSV
OSV
added 2019/11/07 3:15 p.m.22 views

CVE-2019-12331

PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. The XmlScanner decodes the sheet1.xml from an .xlsx to utf-8 if something else than UTF-8 is declared in the header. This was a security measurement to prevent CVE-2018-19277 but the fix is not sufficient. By double-encoding the the xml...

8.8CVSS6.7AI score
Exploits0References2
Prion
Prion
added 2019/11/07 3:15 p.m.24 views

Xxe

PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. The XmlScanner decodes the sheet1.xml from an .xlsx to utf-8 if something else than UTF-8 is declared in the header. This was a security measurement to prevent CVE-2018-19277 but the fix is not sufficient. By double-encoding the the xml...

6.8CVSS8.6AI score0.07791EPSS
Exploits5References2Affected Software1
Cvelist
Cvelist
added 2019/11/07 2:3 p.m.29 views

CVE-2019-12331

PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. The XmlScanner decodes the sheet1.xml from an .xlsx to utf-8 if something else than UTF-8 is declared in the header. This was a security measurement to prevent CVE-2018-19277 but the fix is not sufficient. By double-encoding the the xml...

8.6AI score0.0135EPSS
Exploits1References2
Snyk
Snyk
added 2019/10/21 4:44 p.m.3 views

XML External Entity

Overview Affected versions of this package are vulnerable to XML External Entity. The XmlScanner decodes the sheet1.xml from an .xlsx to UTF-8 if something else than UTF-8 is declared in the header. This was a security measurement to prevent CVE-2018-19277 but the fix is not sufficient. By...

8.8CVSS8.6AI score0.07791EPSS
Exploits5References2
RedhatCVE
RedhatCVE
added 2019/10/04 10:1 p.m.26 views

CVE-2008-1468

Cross-site scripting XSS vulnerability in namazu.cgi in Namazu before 2.0.18 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input, related to failure to set the charset, a different vector than CVE-2004-1318 and CVE-2001-1350. NOTE: some of these details are...

7.5CVSS5.7AI score0.02053EPSS
Exploits0References3
myhack58
myhack58
added 2019/01/26 12:0 a.m.862 views

PhpSpreadsheet 1.5.0 XXE vulnerability reproduction and analysis-vulnerability warning-the black bar safety net

0x01 introduction PhpSpreadsheet is a very popular pure PHP class library that allows you to easily read and write Excel, LibreOffic Calc and other spreadsheet file formats, is PHPExcel alternative. 2018 11 October 13, PhpSpreadsheet was broke presence of the XXE vulnerability, CVE-2018-19277, in...

6.8CVSS0.1AI score0.07791EPSS
Exploits4
Rows per page
Query Builder