216.73.216.67

CVE-2024-56412

· Published 03/01/2025 18:15 · Modified 06/03/2025 14:07

Labels: CVE-2024-56412 2025-01-03CVE-2024-56412CWE-79[email protected]

Essential information

Published
03/01/2025 18:15
Modified
06/03/2025 14:07
Author
Creator
CVSS
4.8 MEDIUM (v3) 4.8 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to bypass of the cross-site scripting sanitizer using the javascript protocol and special characters. An attacker can use special characters, so that the library processes the javascript protocol with special characters and generates an HTML link. Versions 3.7.0, 2.3.5, 2.1.6, and 1.29.7 contain a patch for the issue.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
phpoffice / phpspreadsheet cpe:2.3:a:phpoffice:phpspreadsheet:*:*:*:*:*:*:*:*
phpoffice / phpspreadsheet cpe:2.3:a:phpoffice:phpspreadsheet:*:*:*:*:*:*:*:*
phpoffice / phpspreadsheet cpe:2.3:a:phpoffice:phpspreadsheet:*:*:*:*:*:*:*:*
phpoffice / phpspreadsheet cpe:2.3:a:phpoffice:phpspreadsheet:*:*:*:*:*:*:*:*

References