CVE-2018-19277
CVE-2018-19277 affects PhpSpreadsheet (PHPOffice) up to version 1.5.0. The flaw: the library’s XML handling in Xlsx files can bypass protection via UTF-7 encoding, enabling an XML External Entity (XXE) attack. Root cause per sources: XmlScanner/Xml parsing when declared encoding differs from UTF-...
CVE-2024-45293
CVE-2024-45293 involves an XXE in PHPSpreadsheet’s XLSX reader where the security scanner that prevents XXE can be bypassed by whitespace in the XML encoding attribute, allowing a crafted XLSX to disclose server data. The root cause is a flawed XML encoding check in XmlScanner.php that defaults t...
CVE-2019-12331
PHPOffice PhpSpreadsheet before 1.8.0 contains an XXE flaw in the XML handling of sheet1.xml. The XmlScanner decodes sheet1.xml to UTF-8 when a non-UTF-8 encoding is declared, and an attacker can double-encode payloads in UTF-7 to bypass the string check for , enabling XML External Entity (XXE) p...
CVE-2024-47873
PhpSpreadsheet's XML scanner contains a bypass that can enable XML External Entity (XXE) attacks. The findCharSet/scan logic can be bypassed by encoding tricks (e.g., UCS-4, UTF-7) and encoding guessing, allowing sanitizers to be circumvented. Affected versions are prior to 1.9.4, 2.1.3, 2.3.2, a...
CVE-2024-45048
CVE-2024-45048 (PHPSpreadsheet): A bypass of a filter in affected PHPSpreadsheet versions enables an XXE attack, allowing access to local file contents even when error reporting is muted. The vulnerability is fixed in release 2.2.1; all users should upgrade to that version. Impact is described a...
CVE-2025-22131
PhpSpreadsheet CVE-2025-22131 is an XSS in generateNavigation() during XLSX-to-HTML conversion when sheet names are not escaped for multi-sheet files. Affects PhpSpreadsheet versions prior to 2.2.2, 2.1.2, and 1.29.4; PoCs exist showing cookie-exfiltration via HTML navigation. Root cause: unsanit...
CVE-2020-7776
CVE-2020-7776 affects phpoffice/phpspreadsheet (0.0.0 and earlier): the HTML writer concatenates user comments into links when exporting to HTML from an Excel file, enabling XSS in HTML output. Root cause: HTML writer handling of cell comments. A fix is available in commit 0ed5b800be2136bcb8fa9c1...
CVE-2024-56408
PhpSpreadsheet (PHP) has a cross-site scripting (XSS) vulnerability in the Convert-Online.php sample due to missing input sanitization. Affected versions are prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7; these versions lack sanitization in /vendor/phpoffice/phpspreadsheet/samples/Engineering/Convert-...
CVE-2024-56410
PhpSpreadsheet has an XSS vulnerability in custom properties affecting the PhpSpreadsheet Writer Html path (class PhpOffice\PhpSpreadsheet\Writer\Html, generateMeta). Affected versions: < 3.7.0, < 2.3.5, < 2.1.6, and
CVE-2024-56411
CVE-2024-56411 concerns PhpSpreadsheet: an XSS vulnerability in the hyperlink base used when generating HTML headers via PhpOffice\PhpSpreadsheet\Writer\Html. The issue arises because the HTML page header is built without sanitizing the hyperlink base, potentially allowing malicious payloads when...
CVE-2024-56409
CVE-2024-56409 concerns PhpSpreadsheet, a PHP library for spreadsheet handling. The vulnerability lies in the Currency.php sample, where the currency parameter is not sanitized, allowing an unauthorized reflected cross-site scripting (XSS) attack when an attacker submi...
CVE-2024-48917
CVE-2024-48917 (PhpSpreadsheet XXE bypass): The XmlScanner in PhpSpreadsheet can be bypassed via the encoding detection logic (findCharSet) when processing XML with UTF-7 payloads, allowing an XML External Entity attack. A comment injection at the end of the file encoding tag (e.g., encoding="UT...
CVE-2024-56366
PhpSpreadsheet contains an unauthorized reflected XSS in Accounting.php via the currency parameter. Affected versions are prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7. The vulnerability can be triggered using the samples/Wizards/NumberFormat/Accounting.php script (PoC shown in the referenced material...
CVE-2024-45046
Technical details about CVE-2024-45046 are not publicly provided in the documents you shared. No explicit affected products/versions, impact, or remediation are stated here. Monitor for updates from the sources for concrete information.
CVE-2024-56365
PhpSpreadsheet (phpspreadsheet) has an unauthorized reflected XSS in the Downloader constructor. Affected versions pre-3.7.0, pre-2.3.5, pre-2.1.6, and pre-1.29.7 are vulnerable via GET parameters in the samples/download.php script. The issue allows executing arbitrary JavaScript in the victim’s ...
CVE-2024-45060
Summary (CVE-2024-45060): PhpSpreadsheet (PHPOffice) contains a cross-site scripting (XSS) vulnerability in a sample file. The issue arises when user-supplied input is concatenated directly into spreadsheet formulas in the 45_Quadratic_equation_solver.php script, enabling formula injection and Jav...
CVE-2024-56412
PhpSpreadsheet vulnerability CVE-2024-56412 allows bypassing the XSS sanitizer via the javascript protocol and special characters in the Writer\Html component (generateRow). Affected versions are before 3.7.0, 2.3.5, 2.1.6, and 1.29.7. The issue can cause an attacker-created HTML link to be gener...
CVE-2024-45291
PHPSpreadsheet contains a path traversal/SSRF (Server-Side Request Forgery) vulnerability in the HTML writer when embedImages is enabled. An XLSX can link images from arbitrary paths; output data: URLs may include local files and, with wrappers like expect://, enable remote reques...
CVE-2024-45292
PHPSpreadsheet’s HTML writer (PhpOffice\PhpSpreadsheet\Writer\Html) is affected by a Cross-Site Scripting (XSS) vulnerability due to insufficient sanitization of javascript: URLs in href attributes. The issue is fixed in releases 1.29.2, 2.1.1, and 2.3.0; upgrading to one of these versions (or n...
CVE-2024-45290
PhpSpreadsheet (PHPSpreadsheet) is affected by CVE-2024-45290 through its XLSX reading flow. When opening an XLSX, the library may pass a URL path to the image-dimension/TYPE check, and with crafted php://filter URLs, an attacker can leak file contents or remote resources. The underlying root cau...
CVE-2026-40902
CVE-2026-40902 affects PhpSpreadsheet’s XLSX reader. The vulnerability arises when ColumnAndRowAttributes::readRowAttributes() reads the row index (r attribute) from XML without validating against the maximum row limit (AddressRange::MAX_ROW = 1,048,576). An attacker can craft a tiny XLSX file co...
CVE-2026-34084
CVE-2026-34084 describes a vulnerability in PhpSpreadsheet where IOFactory::load() with a user-controlled filename can pass PHP stream wrappers (phar://, ftp://, ssh2.sftp://) to is_file(), triggering PHAR deserialization and potential remote code execution if an appropriate gadget chain exists. ...
CVE-2026-35453
PhpSpreadsheet contains an XSS vulnerability in the HTML Writer when a cell uses a custom number format with an @ placeholder and additional literal text. The formatter returns early and escaping via htmlspecialchars() is skipped, allowing injected HTML/JavaScript in the generated HTML. Affected ...
CVE-2026-40296
PhpSpreadsheet is affected by a stored XSS in the HTML writer when a cell uses a custom number format containing the text placeholder @. If the formatted value diverges from the original value (e.g., formats like ". @", "@ ", or "x@"), htmlspecialchars() escaping is skipped, allowing unescaped HT...
CVE-2026-40863
CVE-2026-40863 affects PhpSpreadsheet’s SpreadsheetML XML reader. An attacker can craft an XML with an oversized ss:Index (e.g., 999999999) on a , inflating the internal cachedHighestRow to ~1 billion and causing CPU exhaustion during row iteration. This leads to denial of service when processing...