Phpspreadsheet@3.3.0 Security Vulnerabilities and Issues — Phpspreadsheet@3.3.0 CVE List

Lucene search

PhpofficePhpspreadsheet3.3.0

7 matches found

CVE•added 2024/11/18 5:15 p.m.•66 views

CVE-2024-47873

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, prior to versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0, the regexes used in the scan method and the findCharSet method can be bypassed by using UCS-...

7.5CVSS7.4AI score0.00058EPSS

CVE•added 2025/01/03 5:15 p.m.•52 views

CVE-2024-56366

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the Accounting.php file. Using the /vendor/phpoffice/phpspreadsheet/samples/Wizards/NumberFormat/Accounting.p...

8.3CVSS6AI score0.00098EPSS

CVE•added 2025/01/03 6:15 p.m.•50 views

CVE-2024-56410

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have a cross-site scripting (XSS) vulnerability in custom properties. The HTML page is generated without clearing custom properties. Versions 3.7.0, 2.3.5, 2.1.6, and 1.29.7 ...

5.4CVSS5.5AI score0.00098EPSS

CVE•added 2025/01/03 4:15 p.m.•49 views

CVE-2024-56408

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have no sanitization in the /vendor/phpoffice/phpspreadsheet/samples/Engineering/Convert-Online.php file, which leads to the possibility of a cross-site scripting attack. Ver...

8.3CVSS6.1AI score0.00131EPSS

CVE•added 2025/01/03 5:15 p.m.•48 views

CVE-2024-56365

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the constructor of the Downloader class. Using the /vendor/phpoffice/phpspreadsheet/samples/download.php scri...

8.3CVSS6AI score0.00098EPSS

CVE•added 2024/11/18 8:15 p.m.•47 views

CVE-2024-48917

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, in a bypass of the previously reported CVE-2024-47873, the regexes from the findCharSet method, which is used for determining the current enco...

7.5CVSS7.5AI score0.00058EPSS

CVE•added 2025/01/03 5:15 p.m.•45 views

CVE-2024-56409

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the Currency.php file. Using the /vendor/phpoffice/phpspreadsheet/samples/Wizards/NumberFormat/Currency.php s...

8.3CVSS6AI score0.00098EPSS