Antonio-R1

**Name of the Vulnerable Software and Affected Versions** PhpSpreadsheet versions prior to 1.9.4, 2.1.3, 2.3.2, and 3.4.0 **Description** The XmlScanner class in PhpSpreadsheet has a scan method that is intended to prevent XXE attacks. However, the regexes used in the scan method and the findCharSet method can be bypassed by using UCS-4 and encoding guessing, allowing an attacker to bypass the sanitizer and achieve an XML external entity attack. This issue can be exploited by creating a malicious payload for the workbook.xml file, which can lead to an HTTP request being sent to a specified URL. **Recommendations** For versions prior to 1.9.4, update to version 1.9.4 or later. For versions prior to 2.1.3, update to version 2.1.3 or later. For versions prior to 2.3.2, update to version 2.3.2 or later. For versions prior to 3.4.0, update to version 3.4.0 or later.

**Name of the Vulnerable Software and Affected Versions** PhpSpreadsheet versions prior to 1.9.4 PhpSpreadsheet versions prior to 2.1.3 PhpSpreadsheet versions prior to 2.3.2 PhpSpreadsheet versions prior to 3.4.0 **Description** The `XmlScanner` class in PhpSpreadsheet has a scan method that is supposed to prevent XXE attacks. However, the regexes from the `findCharSet` method can be bypassed by using a payload in the encoding UTF-7 and adding a comment with the value `encoding="UTF-8"` at the end of the file. This allows an attacker to bypass the sanitizer and achieve an XML external entity attack. **Recommendations** For versions prior to 1.9.4, update to version 1.9.4 or later. For versions prior to 2.1.3, update to version 2.1.3 or later. For versions prior to 2.3.2, update to version 2.3.2 or later. For versions prior to 3.4.0, update to version 3.4.0 or later. As a temporary workaround, consider disabling the `XmlScanner` class until a patch is available. Restrict access to the `findCharSet` method to minimize the risk of exploitation. Avoid using the `encoding` parameter in the XML header until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** PrestaShop versions prior to 8.1.3 PrestaShop versions prior to 1.7.8.11 **Description** PrestaShop is an open-source e-commerce platform. Some event attributes are not detected by the `isCleanHTML` method, which could make some modules using this method vulnerable to cross-site scripting. **Recommendations** For versions prior to 8.1.3, update to version 8.1.3 to resolve the issue. For versions prior to 1.7.8.11, update to version 1.7.8.11 to resolve the issue. As a temporary workaround, consider using the `HTMLPurifier` library to sanitize HTML input coming from users, as it is already available as a dependency in the PrestaShop project. Be aware that in legacy object models, fields of `HTML` type will call `isCleanHTML`.