12 matches found
Cross-Site Scripting (XSS)
PhpSpreadsheet is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization or escaping of user input when converting XLSX files into HTML, which allows malicious scripts to be embedded in the file content and executed in the context of the user's browser...
CVE-2024-45290
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file which links media from external URLs. When opening the XLSX file, PhpSpreadsheet retrieves the image size and type by reading the file contents, if the provided...
CVE-2024-45290 Path traversal and Server-Side Request Forgery when opening XLSX files in PHPSpreadsheet
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file which links media from external URLs. When opening the XLSX file, PhpSpreadsheet retrieves the image size and type by reading the file contents, if the provided...
PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled
Summary: It's possible for an attacker to construct an XLSX file that links images from arbitrary paths. When embedding images has been enabled in HTML writer with $writer->setEmbedImages(true); those files will be included in the output as data: URLs, regardless of the file's type. Also URLs can be...
[SECURITY] [DLA 3723-1] libspreadsheet-parsexlsx-perl security update
Debian LTS Advisory DLA-3723-1 https://www.debian.org/lts/security/ Guilhem Moulin January 27, 2024 https://wiki.debian.org/LTS Package: libspreadsheet-parsexlsx-perl Version: 0.27-2+deb10u1 CVE ID: CVE-2024-22368 CVE-2024-23525 Debian Bug: 1061098 Security...
PT-2023-25009 · Xlsxio · Xlsxio
Name of the Vulnerable Software and Affected Versions: xlsxio versions 0.1.2 through 0.2.34. Description: The issue is related to a free of an uninitialized pointer in the xlsxioread_sheetlist_close function, which can be exploited by attackers to cause a Denial of Service (DoS) via a crafted XLSX...
MANSPIDER - Spider Entire Networks For Juicy Files Sitting On SMB Shares. Search Filenames Or File Content - Regex Supported!
Crawl SMB shares for juicy information. File content searching + regex is supported! File types supported: PDF, DOCX, XLSX, PPTX, any text-based format, and many more!! MAN-SPIDER will crawl every share on every target system. If provided creds don't work, it will fall back to "guest", then to a null...
libxlsxwriter stock in binary vulnerability
Libxlsxwriter is a C library for creating Excel XLSX files. The libxlsxwriter library is vulnerable to a binary vulnerability. An attacker can exploit this vulnerability to cause a program crash...
PT-2019-12758 · Phpoffice · Phpoffice Phpspreadsheet
Name of the Vulnerable Software and Affected Versions: PHPOffice PhpSpreadsheet versions prior to 1.8.0. Description: The issue arises from the XmlScanner decoding sheet1.xml from an .xlsx file to utf-8 if a different encoding is declared in the header. This was initially intended as a security...
PT-2018-14898 · Phpoffice · Phpoffice Phpspreadsheet
Name of the Vulnerable Software and Affected Versions: PHPOffice PhpSpreadsheet versions prior to 1.5.1. Description: The issue allows a bypass of protection mechanisms for XML External Entity (XXE) attacks via UTF-7 encoding in a .xlsx file. This is achieved through the securityScan function in...
Open-Xchange AppSuite Information Disclosure Vulnerability (CNVD-2016-04412)
Open-Xchange AppSuite (OX AppSuite) is a suite of Web-based cloud desktop environments from Open-Xchange, Inc. in the United States. The environment allows users to manage email, tasks, files, etc. more intuitively. An information disclosure vulnerability exists in OX AppSuite 7.8.1 and earlier...
Microsoft Office .xlsx Files Detection