CVE-2014-2054

PHPExcel <1.8.0 - XSS

Title source: llm
STIX 2.1

Description

PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.

References (2)

Core 2

Scores

EPSS 0.0073
EPSS Percentile 72.7%

Details

Status published
Products (20)
owncloud/owncloud_server 6.0.0
owncloud/owncloud_server 6.0.1
owncloud/owncloud_server 5.0.0
owncloud/owncloud_server 5.0.1
owncloud/owncloud_server 5.0.2
owncloud/owncloud_server 5.0.3
owncloud/owncloud_server 5.0.4
owncloud/owncloud_server 5.0.5
owncloud/owncloud_server 5.0.6
owncloud/owncloud_server 5.0.7
... and 10 more
Published Jun 04, 2014
Tracked Since Feb 18, 2026