Back to CVE List

CVE-2026-40296

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
5.4 / 10

Vulnerability Description

PhpSpreadsheet has XSS via number format code with @ text placeholder bypasses htmlspecialchars in HTML writer

Vulnerability Details

Published Date
Last Modified
Source
GitHub
Vendor
composer
Product
phpoffice/phpspreadsheet

External References

Discussion (0)

Add Comment

No comments yet. Be the first!