phpoffice CVE 脆弱性と CVE 一覧(25)

製品(CPE): — CVE 件数: 25

phpoffice 脆弱性概要

phpoffice 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。

一般的な弱点パターンには vendor risk cross-site scripting、vendor risk xxe、vendor risk ssrf, and パス処理の欠陥 があり、vendor surface production workloads and vendor surface software deployment の利用場面で vendor impact session compromise and ファイル上書き などのリスクが生じる可能性があります。

掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。

脆弱性分布の推移(直近24か月)

表示中 2125 / 25 CVE 件数
«« 先頭 « 前へ 2 / 2 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2024-45048 PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Affected versions are subject to a bypassing of a filter which allows for an XXE-attack. This in turn allows attacker to obtain contents of local files, even if error reporting is muted. This vulnerability has been addressed in release version 2.2.1. All users are advised to upgrade. There are no known workarounds for this vulnerability. [email protected] 8.8 0.57% 2024-08-28 2026-06-17
CVE-2024-45046 PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. In affected versions `\PhpOffice\PhpSpreadsheet\Writer\Html` doesn't sanitize spreadsheet styling information such as font names, allowing an attacker to inject arbitrary JavaScript on the page. As a result an attacker may used a crafted spreadsheet to fully takeover a session of a user viewing spreadsheet files as HTML. This issue has been addressed in release version 2.1.0. All users are advised to upgrade. There a [email protected] 5.4 0.40% 2024-08-28 2026-06-17
CVE-2020-7776 This affects the package phpoffice/phpspreadsheet from 0.0.0. The library is vulnerable to XSS when creating an html output from an excel file by adding a comment on any cell. The root cause of this issue is within the HTML writer where user comments are concatenated as part of link and this is returned as HTML. A fix for this issue is available on commit 0ed5b800be2136bcb8fa9c1bdf59abc957a98845/master branch. [email protected] 7.1 1.30% 2020-12-09 2026-06-16
CVE-2019-12331 PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. The XmlScanner decodes the sheet1.xml from an .xlsx to utf-8 if something else than UTF-8 is declared in the header. This was a security measurement to prevent CVE-2018-19277 but the fix is not sufficient. By double-encoding the the xml payload to utf-7 it is possible to bypass the check for the string ‚<!ENTITY‘ and thus allowing for an xml external entity processing (XXE) attack. [email protected] 8.8 1.35% 2019-11-07 2026-06-16
CVE-2018-19277 securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file [email protected] 8.8 7.79% 2018-11-14 2026-06-16
«« 先頭 « 前へ 2 / 2 次へ »
cvelogic Threat Intelligence