- Description
- PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to bypass of the cross-site scripting sanitizer using the javascript protocol and special characters. An attacker can use special characters, so that the library processes the javascript protocol with special characters and generates an HTML link. Versions 3.7.0, 2.3.5, 2.1.6, and 1.29.7 contain a patch for the issue.
- Source
- security-advisories@github.com
- NVD status
- Received
CVSS 4.0
- Type
- Secondary
- Base score
- 4.8
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
- security-advisories@github.com
- CWE-79
- Hype score
- Not currently trending
CVE-2024-56412 Cross-Site Scripting Bypass in PhpSpreadsheet Versions Below 3.7.0 PhpSpreadsheet is a PHP library to read and write spreadsheet files. If your version is older than 3.7.0, 2.3.5, 2.1.6, or 1.29.7,... https://t.co/rd9TbQvlsg
@VulmonFeeds
3 Jan 2025
48 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-56412 PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to bypass of the cross-sit… https://t.co/kOFLAi016O
@CVEnew
3 Jan 2025
445 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes