Phpoffice

Phpspreadsheet

22 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.7

CVE-2025-54370

  • EPSS 0.09%
  • Veröffentlicht 25.08.2025 14:15:33
  • Zuletzt bearbeitet 25.08.2025 20:24:45

PhpOffice/PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to versions 1.30.0, 2.1.12, 2.4.0, 3.10.0, and 5.0.0, SSRF can occur when a processed HTML document is read and displayed in the browser. The vulnerabilit...

4.8

CVE-2025-23210

  • EPSS 0.29%
  • Veröffentlicht 03.02.2025 22:15:28
  • Zuletzt bearbeitet 03.02.2025 22:15:28

phpoffice/phpspreadsheet is a pure PHP library for reading and writing spreadsheet files. Affected versions have been found to have a Bypass of the Cross-site Scripting (XSS) sanitizer using the javascript protocol and special characters. This issue ...

6.1

CVE-2025-22131

Exploit
  • EPSS 0.46%
  • Veröffentlicht 20.01.2025 16:15:27
  • Zuletzt bearbeitet 06.03.2025 13:30:34

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Cross-Site Scripting (XSS) vulnerability in the code which translates the XLSX file into a HTML representation and displays it in the response.

5.4

CVE-2024-56412

Exploit
  • EPSS 0.3%
  • Veröffentlicht 03.01.2025 18:15:16
  • Zuletzt bearbeitet 06.03.2025 13:30:34

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to bypass of the cross-site scripting sanitizer using the javascript protocol and special characters. An attac...

5.4

CVE-2024-56411

Exploit
  • EPSS 0.87%
  • Veröffentlicht 03.01.2025 18:15:16
  • Zuletzt bearbeitet 06.03.2025 13:30:34

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have a cross-site scripting (XSS) vulnerability of the hyperlink base in the HTML page header. The HTML page is formed withou...

5.4

CVE-2024-56410

Exploit
  • EPSS 0.67%
  • Veröffentlicht 03.01.2025 18:15:15
  • Zuletzt bearbeitet 17.04.2025 02:35:48

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have a cross-site scripting (XSS) vulnerability in custom properties. The HTML page is generated without clearing custom prop...

5.4

CVE-2024-56409

Exploit
  • EPSS 0.67%
  • Veröffentlicht 03.01.2025 17:15:08
  • Zuletzt bearbeitet 21.04.2025 17:14:40

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the `Currency.php` file. Using the `/vendor/phpoffice/phpspr...

5.4

CVE-2024-56366

Exploit
  • EPSS 0.87%
  • Veröffentlicht 03.01.2025 17:15:08
  • Zuletzt bearbeitet 21.04.2025 16:57:02

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the `Accounting.php` file. Using the `/vendor/phpoffice/phps...

5.4

CVE-2024-56365

Exploit
  • EPSS 0.67%
  • Veröffentlicht 03.01.2025 17:15:08
  • Zuletzt bearbeitet 21.04.2025 16:57:39

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the constructor of the `Downloader` class. Using the `/vendo...

5.4

CVE-2024-56408

Exploit
  • EPSS 1.03%
  • Veröffentlicht 03.01.2025 16:15:26
  • Zuletzt bearbeitet 20.05.2025 19:15:49

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have no sanitization in the `/vendor/phpoffice/phpspreadsheet/samples/Engineering/Convert-Online.php` file, which leads to th...