Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via style information
Vulnerability Description
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. In affected versions `\PhpOffice\PhpSpreadsheet\Writer\Html` doesn't sanitize spreadsheet styling information such as font names, allowing an attacker to inject arbitrary JavaScript on the page. As a result an attacker may used a crafted spreadsheet to fully takeover a session of a user viewing spreadsheet files as HTML. This issue has been addressed in release version 2.1.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
PHPSpreadsheet 安全漏洞
Vulnerability Description
PhpSpreadsheet是PHPOffice开源的一款用于读取和写入电子表格文件的PHP库。 PHPSpreadsheet 存在安全漏洞,该漏洞源于 PhpOfficePhpSpreadsheetWriterHtml 不会清理电子表格样式信息。
CVSS Information
N/A
Vulnerability Type
N/A