5 matches found

GitHub Security Blog
added 2025/01/03 4:5 p.m. · 11 views

PhpSpreadsheet allows unauthorized Reflected XSS in `Convert-Online.php` file

Unauthorized Reflected XSS in Convert-Online.php file
Product: PhpSpreadsheet
Version: version 3.6.0
CWE-ID: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS vector v.3.1: 8.2 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
CVSS vector v.4.0: 8.3...

CVSS 8.3 · AI score 5.7 · EPSS 0.01392
Exploits: 1 · References: 7 · Affected Software: 2
Cvelist
added 2025/01/03 4:5 p.m. · 12 views

CVE-2024-56408 PhpSpreadsheet allows unauthorized reflected XSS in `Convert-Online.php` file

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have no sanitization in the /vendor/phpoffice/phpspreadsheet/samples/Engineering/Convert-Online.php file, which leads to the possibility of a cross-site scripting attack...

CVSS 8.3 · EPSS 0.01392
Exploits: 1 · References: 5
CVE
added 2025/01/03 4:5 p.m. · 55 views

CVE-2024-56408

PhpSpreadsheet (PHP) has a cross-site scripting (XSS) vulnerability in the Convert-Online.php sample due to missing input sanitization. Affected versions are prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7; these versions lack sanitization in /vendor/phpoffice/phpspreadsheet/samples/Engineering/Convert-...

CVSS 8.3 · AI score 6.1 · EPSS 0.01392
Exploits: 1 · References: 5 · Affected Software: 1
Vulnrichment
added 2025/01/03 4:5 p.m. · 7 views

CVE-2024-56408 PhpSpreadsheet allows unauthorized reflected XSS in `Convert-Online.php` file

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have no sanitization in the /vendor/phpoffice/phpspreadsheet/samples/Engineering/Convert-Online.php file, which leads to the possibility of a cross-site scripting attack...

CVSS 8.3 · AI score 6.1 · EPSS 0.01392
Exploits: 1 · References: 5
Positive Technologies
added 2024/12/23 12:0 a.m. · 3 views

PT-2024-10179 · Phpoffice · Phpspreadsheet

Name of the Vulnerable Software and Affected Versions: PhpSpreadsheet versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7
Description: The issue is related to the lack of sanitization in the /vendor/phpoffice/phpspreadsheet/samples/Engineering/Convert-Online.php file, which can lead to a cross-site...

CVSS 8.3 · AI score 5.9 · EPSS 0.01392
Exploits: 1 · References: 18