We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the `Accounting.php` file. Using the `/vendor/phpoffice/phpspreadsheet/samples/Wizards/NumberFormat/Accounting.php` script, an attacker can perform a cross-site scripting attack. Versions 3.7.0, 2.3.5, 2.1.6, and 1.29.7 contain a patch for the issue.
Reserved 2024-12-20 | Published 2025-01-03 | Updated 2025-01-03 | Assigner GitHub_MCWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
github.com/...dsheet/security/advisories/GHSA-c6fv-7vh8-2rhr
github.com/...ommit/700a80346be269af668914172bc6f4521982d0b4
Support options