phpoffice/phpexcel

vulnerable: 1.7.9 ... 1.8.0rc4 (6 versions)

PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have …

vulnerable: 1.7.9 ... 1.8.1 (8 versions)

securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file

vulnerable: 1.7.9 ... 1.8.2 (9 versions)

PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. The XmlScanner decodes the sheet1.xml from an .xlsx to utf-8 if something else than UTF-8 is declared in the header. This was a security measurement to prevent CVE-2018-19277 but the …

vulnerable: 1.7.9 ... 1.8.2 (9 versions)

This affects the package phpoffice/phpspreadsheet from 0.0.0. The library is vulnerable to XSS when creating an html output from an excel file by adding a comment on any cell. The root cause of this issue is within the HTML writer where us…

vulnerable: 1.7.9 ... 1.8.2 (9 versions)

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. In affected versions `\PhpOffice\PhpSpreadsheet\Writer\Html` doesn't sanitize spreadsheet styling information such as font names, allowing an attacker to injec…

vulnerable: 1.7.9 ... 1.8.2 (9 versions)

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Affected versions are subject to a bypassing of a filter which allows for an XXE-attack. This in turn allows attacker to obtain contents of local files, even i…

vulnerable: 1.7.9 ... 1.8.2 (9 versions)

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. One of the sample scripts in PhpSpreadsheet is susceptible to a cross-site scripting (XSS) vulnerability due to improper handling of input where a number is ex…

vulnerable: 1.7.9 ... 1.8.2 (9 versions)

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file which links media from external URLs. When opening the XLSX file, PhpSpreadsheet retrieves the image si…

vulnerable: 1.7.9 ... 1.8.2 (9 versions)

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file that links images from arbitrary paths. When embedding images has been enabled in HTML writer with `$wr…

vulnerable: 1.7.9 ... 1.8.2 (9 versions)

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. `\PhpOffice\PhpSpreadsheet\Writer\Html` does not sanitize "javascript:" URLs from hyperlink `href` attributes, resulting in a Cross-Site Scripting vulnerabilit…

vulnerable: 1.7.9 ... 1.8.2 (9 versions)

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The security scanner responsible for preventing XXE attacks in the XLSX reader can be bypassed by slightly modifying the XML structure, utilizing white-spaces.…

vulnerable: 1.7.9 ... 1.8.2 (9 versions)

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, prior to versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0, the regexes used in the `scan` m…

vulnerable: 1.7.9 ... 1.8.2 (9 versions)

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The `XmlScanner` class has a scan method which should prevent XXE attacks. However, in a bypass of the previously reported `CVE-2024-47873`, the regexes from the `f…

vulnerable: 1.7.9 ... 1.8.2 (9 versions)

phpoffice/phpspreadsheet is a pure PHP library for reading and writing spreadsheet files. Affected versions have been found to have a Bypass of the Cross-site Scripting (XSS) sanitizer using the javascript protocol and special characters. …