Phpspreadsheet Security Vulnerabilities and Issues — Phpspreadsheet CVE List

Lucene search

PhpofficePhpspreadsheet

9 matches found

CVE•added 2025/02/03 10:15 p.m.•52 views

CVE-2025-23210

phpoffice/phpspreadsheet is a pure PHP library for reading and writing spreadsheet files. Affected versions have been found to have a Bypass of the Cross-site Scripting (XSS) sanitizer using the javascript protocol and special characters. This issue has been addressed in versions 3.9.0, 2.3.7, 2.1....

4.8CVSS6AI score0.0014EPSS

CVE•added 2025/01/20 4:15 p.m.•51 views

CVE-2025-22131

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Cross-Site Scripting (XSS) vulnerability in the code which translates the XLSX file into a HTML representation and displays it in the response.

6.1CVSS5.7AI score0.0004EPSS

CVE•added 2025/01/03 5:15 p.m.•49 views

CVE-2024-56366

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the Accounting.php file. Using the /vendor/phpoffice/phpspreadsheet/samples/Wizards/NumberFormat/Accounting.p...

8.3CVSS6AI score0.00055EPSS

CVE•added 2025/01/03 6:15 p.m.•49 views

CVE-2024-56410

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have a cross-site scripting (XSS) vulnerability in custom properties. The HTML page is generated without clearing custom properties. Versions 3.7.0, 2.3.5, 2.1.6, and 1.29.7 ...

5.4CVSS5.5AI score0.00055EPSS

CVE•added 2025/01/03 4:15 p.m.•48 views

CVE-2024-56408

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have no sanitization in the /vendor/phpoffice/phpspreadsheet/samples/Engineering/Convert-Online.php file, which leads to the possibility of a cross-site scripting attack. Ver...

8.3CVSS6.1AI score0.00069EPSS

CVE•added 2025/01/03 5:15 p.m.•47 views

CVE-2024-56365

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the constructor of the Downloader class. Using the /vendor/phpoffice/phpspreadsheet/samples/download.php scri...

8.3CVSS6AI score0.00055EPSS

CVE•added 2025/01/03 6:15 p.m.•47 views

CVE-2024-56411

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have a cross-site scripting (XSS) vulnerability of the hyperlink base in the HTML page header. The HTML page is formed without sanitizing the hyperlink base. Versions 3.7.0, ...

5.4CVSS5.5AI score0.00055EPSS

CVE•added 2025/01/03 6:15 p.m.•45 views

CVE-2024-56412

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to bypass of the cross-site scripting sanitizer using the javascript protocol and special characters. An attacker can use special characters, so that the libra...

5.4CVSS6AI score0.00055EPSS

CVE•added 2025/01/03 5:15 p.m.•44 views

CVE-2024-56409

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the Currency.php file. Using the /vendor/phpoffice/phpspreadsheet/samples/Wizards/NumberFormat/Currency.php s...

8.3CVSS6AI score0.00055EPSS