Packagist/phpoffice/phpexcel — 23 CVEs

Loading…

All known vulnerabilities

HIGH8.8CVE-2024-45048XXE in PHPSpreadsheet encoding is returned

from 0, <= 1.8.2

HIGH8.8CVE-2019-12331XXE in PHPSpreadsheet due to incomplete fix for previous encoding issue

from 0, <= 1.8.2

HIGH8.8CVE-2018-19277XXE in PHPSpreadsheet due to encoding issue

from 0, < 1.8.2

HIGH7.7PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery when opening XLSX file

from 0, <= 1.8.2

HIGH7.5XXE in PHPSpreadsheet's XLSX reader

from 0, <= 1.8.2

HIGH7.5XmlScanner bypass leads to XXE

from 0, <= 1.8.2

HIGH7.5XXE in PHPSpreadsheet's XLSX reader

from 0, <= 1.8.2

HIGH7.1PhpSpreadsheet allows unauthorized Reflected XSS in Currency.php file

from 0, <= 1.8.2

HIGH7.1PhpSpreadsheet allows unauthorized Reflected XSS in the Accounting.php file

from 0, <= 1.8.2

HIGH7.1PhpSpreadsheet allows unauthorized Reflected XSS in the constructor of the Downloader class

from 0, <= 1.8.2

HIGH7.1PhpSpreadsheet allows unauthorized Reflected XSS in `Convert-Online.php` file

from 0, <= 1.8.2

MEDIUM6.4Cross-site scripting in phpoffice/phpspreadsheet

from 0, <= 1.8.2

MEDIUM6.3PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled

from 0, <= 1.8.2

MEDIUM6.1Cross-Site Scripting (XSS) vulnerability in generateNavigation() function in PhpSpreadsheet

from 0, <= 1.8.2

MEDIUM6.1PhpSpreadsheet has an Unauthenticated Cross-Site-Scripting (XSS) in sample file

from 0, <= 1.8.2

MEDIUM5.4PhpSpreadsheet allows bypassing of XSS sanitizer using the javascript protocol and special characters

from 0, <= 1.8.2

MEDIUM5.4PhpSpreadsheet allows bypass XSS sanitizer using the javascript protocol and special characters

from 0, <= 1.8.2

MEDIUM5.4PhpSpreadsheet has a Cross-Site Scripting (XSS) vulnerability of the hyperlink base in the HTML page header

from 0, <= 1.8.2

MEDIUM5.4PhpSpreadsheet has a Cross-Site Scripting (XSS) vulnerability in custom properties

from 0, <= 1.8.2

MEDIUM5.4PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via JavaScript hyperlinks

from 0, <= 1.8.2

MEDIUM5.4PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via style information

from 0, <= 1.8.2

—PHPExcel XXE Vulnerability

from 0, < 1.8.1

—PHPExcel vulnerable to XXE attacks through libxml

from 0, < 1.8.0

pkg:Packagist/phpoffice/phpexcel

✅ Check your installed version

All known vulnerabilities