CVE-2025-22131
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-22131
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-22131.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-22131
- Aliases
- Published
- 2025-01-20T16:15:27Z
- Modified
- 2025-01-21T01:57:08.877335Z
- Summary
- [none]
- Details
-
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Cross-Site Scripting (XSS) vulnerability in the code which translates the XLSX file into a HTML representation and displays it in the response.
- References
Affected packages
Git / github.com/phpoffice/phpspreadsheet
Affected ranges
- Type
- GIT
- Repo
- https://github.com/phpoffice/phpspreadsheet
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.0.0
1.0.0-beta
1.0.0-beta2
1.1.0
1.10.0
1.10.1
1.11.0
1.12.0
1.13.0
1.14.0
1.14.1
1.15.0
1.16.0
1.17.0
1.17.1
1.18.0
1.19.0
1.2.0
1.2.1
1.20.0
1.21.0
1.22.0
1.23.0
1.24.0
1.24.1
1.25.0
1.25.1
1.25.2
1.27.0
1.28.0
1.29.0
1.3.0
1.3.1
1.4.0
1.4.1
1.5.0
1.5.1
1.5.2
1.6.0
1.7.0
1.8.0
1.8.1
1.8.2
1.9.0
2.*
2.0.0
2.1.0
2.2.0
2.2.1
2.2.2
3.*
3.3.0
3.4.0
3.5.0
3.6.0
3.7.0
Other
phpexcel-last-cherry-picked-commit
phpexcel-last-release-1.*
phpexcel-last-release-1.8.1