Phpoffice Phpexcel vulnerabilities
23 known vulnerabilities affecting phpoffice/phpexcel.
Total CVEs: 23
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: HIGH 12, MEDIUM 11
Vulnerabilities
Page 2 of 2
CVE-2025-23210 | P4 | MEDIUM | ≥ 0, ≤ 1.8.2 | 2025-02-03
CVE-2025-23210 [MEDIUM] CWE-79 PhpSpreadsheet allows bypassing of XSS sanitizer using the javascript protocol and special characters
**Product:** PhpSpreadsheet
**Version:** 3.8.0
**CWE-ID:** CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
**CVSS vector v.3.1:** 5.4 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
**CVSS vector v.4.0:** 4.8 (AV:N/AC:L/AT:N/PR:L
ghsa, osv
CVE-2025-22131 | P4 | MEDIUM | ≥ 0, ≤ 1.8.2 | 2025-01-21
CVE-2025-22131 [MEDIUM] CWE-79 Cross-Site Scripting (XSS) vulnerability in generateNavigation() function in PhpSpreadsheet
### Summary
The researcher discovered a zero-day Cross-Site Scripting (XSS) vulnerability in the code that translates the XLSX file into an HTML representation and displays it in the response.
### Details
When generating the HTML from an xlsx file containing multiple she
ghsa, osv
CVE-2015-3542 | HIGH | ≥ 0, < 1.8.1 | 2024-11-07
CVE-2015-3542 [HIGH] CWE-611 PHPExcel XXE Vulnerability
ghsa, osv