CVE-2026-35453 | PHPOffice PhpSpreadsheet up to 5.6.0 cross site scripting

A vulnerability was found in PHPOffice PhpSpreadsheet up to 1.30.3/2.1.15/2.4.4/3.10.4/5.6.0. It has been rated as problematic. The affected element is an unknown function. The manipulation leads to cross site scripting.

This vulnerability is referenced as CVE-2026-35453. Remote exploitation of the attack is possible. No exploit is available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More