Cross-site scripting (XSS) vulnerability in codebase/spreadsheet.php in the Spreadsheet (dhtmlxSpreadsheet) plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "page" parameter.
CVSS Vector
AV:N/AC:M/Au:N/C:N/I:P/A:NDhtmlx Dhtmlxspreadsheet
APPDhtmlx2.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
Related vulnerabilities
CVE-2026-41552CRITICAL9.2PL ✓ten sam vendor
Path Traversal w PDF Export Module DHTMLX Gantt i Scheduler
CVE-2026-41553CRITICAL10.0PL ✓ten sam vendor
RCE i command injection w PDF Export Module DHTMLX (Gantt/Scheduler)
CVE-2024-55213MEDIUM6.5ten sam vendor
Directory Traversal vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive i...
CVE-2024-55214MEDIUM6.5ten sam vendor
Local File Inclusion vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive ...