6 matches found
The vulnerability of the Convert-Online.php script (phpoffice/phpspreadsheet/samples/Engineering/Convert-Online.php) in the PhpSpreadsheet PHP library allows attackers to perform cross-site scripting attacks.
The vulnerability of the Convert-Online.php script phpoffice/phpspreadsheet/samples/Engineering/Convert-Online.php in the PhpSpreadsheet library is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site...
PhpSpreadsheet allows unauthorized Reflected XSS in `Convert-Online.php` file
Unauthorized Reflected XSS in Convert-Online.php file Product: Phpspreadsheet Version: version 3.6.0 CWE-ID: CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' CVSS vector v.3.1: 8.2 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N CVSS vector v.4.0: 8.3...
CVE-2024-56408 PhpSpreadsheet allows unauthorized reflected XSS in `Convert-Online.php` file
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have no sanitization in the /vendor/phpoffice/phpspreadsheet/samples/Engineering/Convert-Online.php file, which leads to the possibility of a cross-site scripting attack...
CVE-2024-56408 PhpSpreadsheet allows unauthorized reflected XSS in `Convert-Online.php` file
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have no sanitization in the /vendor/phpoffice/phpspreadsheet/samples/Engineering/Convert-Online.php file, which leads to the possibility of a cross-site scripting attack...
CVE-2024-56408
PhpSpreadsheet (PHP) has a cross-site scripting (XSS) vulnerability in the Convert-Online.php sample due to missing input sanitization. Affected versions are prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7; these versions lack sanitization in /vendor/phpoffice/phpspreadsheet/samples/Engineering/Convert-...
PT-2024-10179 · Phpoffice · Phpspreadsheet
Name of the Vulnerable Software and Affected Versions: PhpSpreadsheet versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 Description: The issue is related to the lack of sanitization in the /vendor/phpoffice/phpspreadsheet/samples/Engineering/Convert-Online.php file, which can lead to a cross-site...