Phpoffice

Phpspreadsheet

28 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
Exploit
  • EPSS 0.35%
  • Published 03.01.2025 18:15:16
  • Last modified 06.03.2025 13:30:34

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have a cross-site scripting (XSS) vulnerability of the hyperlink base in the HTML page header. The HTML page is formed withou...

Exploit
  • EPSS 0.32%
  • Published 03.01.2025 18:15:15
  • Last modified 17.04.2025 02:35:48

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have a cross-site scripting (XSS) vulnerability in custom properties. The HTML page is generated without clearing custom prop...

Exploit
  • EPSS 0.32%
  • Published 03.01.2025 17:15:08
  • Last modified 21.04.2025 16:57:02

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the `Accounting.php` file. Using the `/vendor/phpoffice/phps...

Exploit
  • EPSS 0.32%
  • Published 03.01.2025 17:15:08
  • Last modified 21.04.2025 17:14:40

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the `Currency.php` file. Using the `/vendor/phpoffice/phpspr...

Exploit
  • EPSS 0.31%
  • Published 03.01.2025 17:15:08
  • Last modified 21.04.2025 16:57:39

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the constructor of the `Downloader` class. Using the `/vendo...

Exploit
  • EPSS 0.39%
  • Published 03.01.2025 16:15:26
  • Last modified 20.05.2025 19:15:49

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have no sanitization in the `/vendor/phpoffice/phpspreadsheet/samples/Engineering/Convert-Online.php` file, which leads to th...

Exploit
  • EPSS 0.72%
  • Published 18.11.2024 20:15:05
  • Last modified 07.03.2025 16:48:11

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The `XmlScanner` class has a scan method which should prevent XXE attacks. However, in a bypass of the previously reported `CVE-2024-47873`, the regexes from the `findCharSet`...

Exploit
  • EPSS 0.76%
  • Published 18.11.2024 17:15:11
  • Last modified 07.03.2025 16:48:11

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, prior to versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0, the regexes used in the `scan` method and t...

Exploit
  • EPSS 0.79%
  • Published 07.10.2024 21:15:17
  • Last modified 16.10.2024 19:09:52

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file that links images from arbitrary paths. When embedding images has been enabled in HTML writer with `$writer->setEm...

Exploit
  • EPSS 0.58%
  • Published 07.10.2024 21:15:17
  • Last modified 16.10.2024 19:54:53

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file which links media from external URLs. When opening the XLSX file, PhpSpreadsheet retrieves the image size and type...