VYPR

Phpspreadsheet

by PHPOffice

Source repositories

CVEs (25)

  • CVE-2024-45291Oct 7, 2024
    risk 0.00cvss epss 0.01

    PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file that links images from arbitrary paths. When embedding images has been enabled in HTML writer with `$writer->setEmbedImages(true);` those files…

  • CVE-2024-45292Oct 7, 2024
    risk 0.00cvss epss 0.00

    PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. `\PhpOffice\PhpSpreadsheet\Writer\Html` does not sanitize "javascript:" URLs from hyperlink `href` attributes, resulting in a Cross-Site Scripting vulnerability. This issue has been addressed in…

  • CVE-2024-45293Oct 7, 2024
    risk 0.00cvss epss 0.03

    PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The security scanner responsible for preventing XXE attacks in the XLSX reader can be bypassed by slightly modifying the XML structure, utilizing white-spaces. On servers that allow users to upload…

  • CVE-2024-45046Aug 28, 2024
    risk 0.00cvss epss 0.00

    PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. In affected versions `\PhpOffice\PhpSpreadsheet\Writer\Html` doesn't sanitize spreadsheet styling information such as font names, allowing an attacker to inject arbitrary JavaScript on the page. As a…

  • CVE-2024-45048Aug 28, 2024
    risk 0.00cvss epss 0.01

    PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Affected versions are subject to a bypassing of a filter which allows for an XXE-attack. This in turn allows attacker to obtain contents of local files, even if error reporting is muted. This…

Page 2 of 2