Phpoffice Security Vulnerabilities (CVEs)
Track 11 security vulnerabilities affecting Phpoffice products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
CVE-2025-22131 is a Cross-Site Scripting (XSS) vulnerability in PhpSpreadsheet that occurs when converting XLSX files to HTML for display. Attackers c...
Jan 20, 2025

PhpSpreadsheet versions before 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have a cross-site scripting vulnerability in the HTML page header's hyperlink base. Att...
Jan 3, 2025

PhpSpreadsheet versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 contain a reflected cross-site scripting vulnerability in the Accounting.php sample s...
Jan 3, 2025

This CVE describes a cross-site scripting (XSS) vulnerability in PhpSpreadsheet's sample engineering conversion script. Attackers can inject malicious...
Jan 3, 2025

This vulnerability allows attackers to bypass XML external entity (XXE) protection in PhpSpreadsheet by using UTF-7 encoding tricks. Attackers can rea...
Nov 18, 2024

This vulnerability allows attackers to bypass XML external entity (XXE) protection in PhpSpreadsheet by exploiting UCS-4 encoding and encoding guessin...
Nov 18, 2024

This CVE describes a cross-site scripting (XSS) vulnerability in PhpSpreadsheet's sample script '45_Quadratic_equation_solver.php' that allows formula...
Oct 7, 2024

PhpSpreadsheet has a vulnerability where attackers can create malicious XLSX files that cause arbitrary file reads and Server-Side Request Forgery whe...
Oct 7, 2024

This vulnerability in PhpSpreadsheet allows attackers to bypass XML security scanning by using whitespace manipulation in XLSX files, enabling XXE att...
Oct 7, 2024

This vulnerability in PhpSpreadsheet allows cross-site scripting (XSS) attacks through malicious spreadsheet files. When a user views a crafted spread...
Aug 28, 2024

This vulnerability in PhpSpreadsheet allows attackers to bypass XML filtering and perform XML External Entity (XXE) attacks. Attackers can read local ...
Aug 28, 2024

Why Monitor Phpoffice Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 11+ known vulnerabilities affecting Phpoffice products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Phpoffice packages in under 60 seconds. No agents required - completely agentless scanning that works across Phpoffice deployments.
Free vulnerability database: Access detailed information about every Phpoffice CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.