Vulnerabilidades en PHPOffice
26 resultadosCVE-2024-45293HIGHXML External Entity Reference (XXE) in PHPSpreadsheet's XLSX readerEPSS 2.9%CVE-2024-45291MEDIUMPath traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled in PHPSpreadsheetEPSS 0.8%CVE-2024-47873HIGHPhpSpreadsheet XmlScanner bypass leads to XXEEPSS 0.8%CVE-2025-54370HIGHPhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browserEPSS 0.7%CVE-2024-48917HIGHXXE in PHPSpreadsheet's XLSX readerEPSS 0.7%CVE-2026-34084CRITICALPhpSpreadsheet SSRF and RCE via PHP stream wrappers in IOFactory::loadEPSS 0.7%CVE-2024-45290HIGHPath traversal and Server-Side Request Forgery when opening XLSX files in PHPSpreadsheetEPSS 0.6%CVE-2024-45048HIGHXML External Entity Reference (XXE) in PHPSpreadsheetEPSS 0.6%CVE-2024-45060HIGHUnauthenticated Cross-Site-Scripting (XSS) in sample file in PHPSpreadsheetEPSS 0.5%CVE-2025-48882HIGHPHPOffice Math allows XXE when processing an XML file in the MathML formatEPSS 0.4%CVE-2024-45046MEDIUMPhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via style informationEPSS 0.4%CVE-2026-40863HIGHPhpSpreadsheet: CPU Denial of Service via Unbounded Row Index in SpreadsheetML XML ReaderEPSS 0.4%CVE-2026-40902HIGHPhpSpreadsheet: CPU Denial of Service via Unbounded Row Number in XLSX Row DimensionsEPSS 0.4%CVE-2024-56408HIGHPhpSpreadsheet allows unauthorized reflected XSS in `Convert-Online.php` fileEPSS 0.4%CVE-2025-23210MEDIUMBypass XSS sanitizer using the javascript protocol and special characters in phpoffice/phpspreadsheetEPSS 0.4%CVE-2025-22131MEDIUMCross-Site Scripting (XSS) vulnerability in generateNavigation() functionEPSS 0.4%CVE-2024-56412MEDIUMPhpSpreadsheet vulnerable to bypass of the XSS sanitizer using the javascript protocol and special charactersEPSS 0.4%CVE-2026-45034CRITICALPhpSpreadsheet: File::prohibitWrappers bypassEPSS 0.4%CVE-2024-56411MEDIUMPhpSpreadsheet has Cross-Site Scripting (XSS) vulnerability of the hyperlink base in the HTML page headerEPSS 0.3%CVE-2024-56366HIGHPhpSpreadsheet vulnerable to unauthorized reflected XSS in the Accounting.php fileEPSS 0.3%