| CVE-2014-2054 |
high |
— |
7.5 |
12y ago |
PHPExcel vulnerable to XXE attacks through libxml |
|
| CVE-2025-23210 |
unknown |
— |
— |
1y ago |
PhpSpreadsheet allows bypassing of XSS sanitizer using the javascript protocol and special characters |
|
| CVE-2025-22131 |
unknown |
— |
— |
1y ago |
Cross-Site Scripting (XSS) vulnerability in generateNavigation() function in PhpSpreadsheet |
|
| CVE-2024-56412 |
unknown |
— |
— |
1y ago |
PhpSpreadsheet allows bypass XSS sanitizer using the javascript protocol and special characters |
|
| CVE-2024-56411 |
unknown |
— |
— |
1y ago |
PhpSpreadsheet has a Cross-Site Scripting (XSS) vulnerability of the hyperlink base in the HTML page header |
|
| CVE-2024-56410 |
unknown |
— |
— |
1y ago |
PhpSpreadsheet has a Cross-Site Scripting (XSS) vulnerability in custom properties |
|
| CVE-2024-56409 |
unknown |
— |
— |
1y ago |
PhpSpreadsheet allows unauthorized Reflected XSS in Currency.php file |
|
| CVE-2024-56366 |
unknown |
— |
— |
1y ago |
PhpSpreadsheet allows unauthorized Reflected XSS in the Accounting.php file |
|
| CVE-2024-56365 |
unknown |
— |
— |
1y ago |
PhpSpreadsheet allows unauthorized Reflected XSS in the constructor of the Downloader class |
|
| CVE-2024-56408 |
unknown |
— |
— |
1y ago |
PhpSpreadsheet allows unauthorized Reflected XSS in `Convert-Online.php` file |
|
| CVE-2024-48917 |
unknown |
— |
— |
2y ago |
XXE in PHPSpreadsheet's XLSX reader |
|
| CVE-2024-47873 |
unknown |
— |
— |
2y ago |
XmlScanner bypass leads to XXE |
|
| CVE-2015-3542 |
unknown |
— |
— |
2y ago |
PHPExcel XXE Vulnerability |
|
| CVE-2024-45293 |
unknown |
— |
— |
2y ago |
XXE in PHPSpreadsheet's XLSX reader |
|
| CVE-2024-45292 |
unknown |
— |
— |
2y ago |
PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via JavaScript hyperlinks |
|
| CVE-2024-45291 |
unknown |
— |
— |
2y ago |
PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled |
|
| CVE-2024-45290 |
unknown |
— |
— |
2y ago |
PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery when opening XLSX file |
|
| CVE-2024-45060 |
unknown |
— |
— |
2y ago |
PhpSpreadsheet has an Unauthenticated Cross-Site-Scripting (XSS) in sample file |
|
| CVE-2024-45048 |
unknown |
— |
— |
2y ago |
XXE in PHPSpreadsheet encoding is returned |
|
| CVE-2024-45046 |
unknown |
— |
— |
2y ago |
PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via style information |
|
| CVE-2020-7776 |
unknown |
— |
— |
5y ago |
Cross-site scripting in phpoffice/phpspreadsheet |
|
| CVE-2019-12331 |
unknown |
— |
— |
7y ago |
XXE in PHPSpreadsheet due to incomplete fix for previous encoding issue |
|
| CVE-2018-19277 |
unknown |
— |
— |
7y ago |
XXE in PHPSpreadsheet due to encoding issue |
|