Unknown · Phpspreadsheet · CVE-2026-40296
**Name of the Vulnerable Software and Affected Versions**
PhpSpreadsheet (affected versions not specified)
**Description**
An HTML escaping bypass allows for Cross-Site Scripting (XSS), a technique where malicious scripts are injected into otherwise trusted websites.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.