📦 Phpspreadsheet
by Phpoffice
🔍 What is Phpspreadsheet?
Description coming soon...
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
This vulnerability allows attackers to bypass XML external entity (XXE) protection in PhpSpreadsheet by using UTF-7 encoding tricks. Attackers can read local files, perform server-side request forgery...
This vulnerability allows attackers to bypass XML external entity (XXE) protection in PhpSpreadsheet by exploiting UCS-4 encoding and encoding guessing weaknesses. It affects PHP applications that pro...
This CVE describes a cross-site scripting (XSS) vulnerability in PHPSpreadsheet's sample script '45_Quadratic_equation_solver.php' that allows formula injection. Attackers can inject malicious JavaScr...
This vulnerability in PHPSpreadsheet allows attackers to bypass XML security scanning by using whitespace manipulation in XLSX files, enabling XXE attacks. It affects servers that allow user-uploaded ...
This vulnerability in PHPSpreadsheet allows attackers to bypass XML filtering and perform XML External Entity (XXE) attacks. Attackers can read local files on the server even when error reporting is d...
CVE-2025-22131 is a Cross-Site Scripting (XSS) vulnerability in PhpSpreadsheet that occurs when converting XLSX files to HTML for display. Attackers can inject malicious scripts into spreadsheets that...
PhpSpreadsheet versions before 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have a cross-site scripting vulnerability in the HTML page header's hyperlink base. Attackers can inject malicious scripts that execute w...
PhpSpreadsheet versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 contain a reflected cross-site scripting vulnerability in the Accounting.php sample script. An attacker can inject malicious scripts th...
This CVE describes a cross-site scripting (XSS) vulnerability in PhpSpreadsheet's sample engineering conversion script. Attackers can inject malicious scripts that execute in users' browsers when they...
PHPSpreadsheet has a vulnerability where attackers can create malicious XLSX files that cause arbitrary file reads and Server-Side Request Forgery when image embedding is enabled. This affects all PHP...
This vulnerability in PHPSpreadsheet allows cross-site scripting (XSS) attacks through malicious spreadsheet files. When a user views a crafted spreadsheet as HTML, attackers can inject arbitrary Java...