Igor Sak-Sakovskiy

**Name of the Vulnerable Software and Affected Versions** phpoffice/phpspreadsheet versions prior to 1.29.9 phpoffice/phpspreadsheet versions prior to 2.1.8 phpoffice/phpspreadsheet versions prior to 2.3.7 phpoffice/phpspreadsheet versions prior to 3.9.0 **Description** The issue is related to a bypass of the Cross-site Scripting (XSS) sanitizer in phpoffice/phpspreadsheet, a pure PHP library for reading and writing spreadsheet files. This bypass is achieved using the javascript protocol and special characters. An attacker can use special characters to generate an HTML link that, when clicked, executes arbitrary JavaScript code in the browser. The vulnerable component is the `PhpOfficePhpSpreadsheetWriterHtml` class, specifically the `generateRow` method. The exploitation conditions involve a user viewing a specially generated XML file. **Recommendations** For versions prior to 1.29.9, upgrade to version 1.29.9 or later. For versions prior to 2.1.8, upgrade to version 2.1.8 or later. For versions prior to 2.3.7, upgrade to version 2.3.7 or later. For versions prior to 3.9.0, upgrade to version 3.9.0 or later. As a temporary workaround, consider additional sanitization of special characters in strings to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: XMB versions prior to 1.9.11.16 XMB versions prior to 1.9.12.03 Description: The issue is related to cross-site scripting (XSS) due to inadequate filtering of BBCode input. This allows for potential malicious script execution. Recommendations: For versions prior to 1.9.11.16, update to version 1.9.11.16. For versions prior to 1.9.12.03, update to version 1.9.12.03.

**Name of the Vulnerable Software and Affected Versions** Rocket.Chat versions prior to 3.11 Rocket.Chat version 3.10.5 Rocket.Chat version 3.9.7 Rocket.Chat version 3.8.8 **Description** The issue allows a remote attacker to inject arbitrary JavaScript in a message using nested markdown tags, leading to persistent cross-site scripting (XSS). This flaw can result in arbitrary file read and remote code execution (RCE) on the Rocket.Chat desktop app. **Recommendations** For Rocket.Chat version 3.8.8, update to a version later than 3.8.8 to resolve the issue. For Rocket.Chat version 3.9.7, update to a version later than 3.9.7 to resolve the issue. For Rocket.Chat version 3.10.5, update to a version later than 3.10.5 to resolve the issue. For Rocket.Chat versions prior to 3.11, update to version 3.11 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: PunBB versions prior to 1.4.6 Description: An issue was discovered in the [email] BBcode tag, allowing an XSS vulnerability that enables injecting arbitrary JavaScript into any forum message with authentication. Recommendations: For PunBB versions prior to 1.4.6, update to version 1.4.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of the [email] BBcode tag until a patch is available.

**Name of the Vulnerable Software and Affected Versions** MyBB versions prior to 1.8.25 **Description** The issue allows stored XSS via nested [email] tags with MyCode (aka BBCode). **Recommendations** For versions prior to 1.8.25, update to version 1.8.25 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Invision Power Board versions 3.3.1 through 3.4.8 **Description** The issue is related to Stored XSS, which can lead to Remote Code Execution. **Recommendations** For Invision Power Board versions 3.3.1 through 3.4.8, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Vanilla Forums versions prior to 2.5 **Description** The issue allows remote attackers to inject arbitrary JavaScript code into any message on the forum via multiple stored XSS. **Recommendations** For versions prior to 2.5, update to version 2.5 or later to resolve the issue.