Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phpspreadsheet vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv3
CVE-2020-7776
This affects the package phpoffice/phpspreadsheet from 0.0.0. The library is vulnerable to XSS when creating an html output from an excel file by adding a comment on any cell. The root cause of this issue is within the HTML writer where user comments are concatenated as part of l...
Phpspreadsheet Project Phpspreadsheet
8.8
CVSSv3
CVE-2019-12331
PHPOffice PhpSpreadsheet prior to 1.8.0 has an XXE issue. The XmlScanner decodes the sheet1.xml from an .xlsx to utf-8 if something else than UTF-8 is declared in the header. This was a security measurement to prevent CVE-2018-19277 but the fix is not sufficient. By double-encodi...
Phpspreadsheet Project Phpspreadsheet
8.8
CVSSv3
CVE-2018-19277
securityScan() in PHPOffice PhpSpreadsheet up to and including 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file
Phpspreadsheet Project Phpspreadsheet
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started