
398 matches found

OSV
added 2025/01/03 5:28 p.m. · 6 views

GHSA-HWCP-2H35-P66W PhpSpreadsheet has a Cross-Site Scripting (XSS) vulnerability of the hyperlink base in the HTML page header

Cross-Site Scripting XSS vulnerability of the hyperlink base in the HTML page header Product: Phpspreadsheet Version: version 3.6.0 CWE-ID: CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' CVSS vector v.3.1: 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS...

CVSS 5.4 · AI score 5.6 · EPSS 0.00346
Exploits: 1 · References: 4
Vulnrichment
added 2025/01/03 5:19 p.m. · 10 views

CVE-2024-56411 PhpSpreadsheet has Cross-Site Scripting (XSS) vulnerability of the hyperlink base in the HTML page header

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have a cross-site scripting XSS vulnerability of the hyperlink base in the HTML page header. The HTML page is formed without sanitizing the hyperlink base. Versions 3.7.0,...

CVSS 4.8 · AI score 5.8 · EPSS 0.00346
Exploits: 1 · References: 2
OSV
added 2025/01/03 5:19 p.m. · 5 views

CVE-2024-56411 PhpSpreadsheet has Cross-Site Scripting (XSS) vulnerability of the hyperlink base in the HTML page header

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have a cross-site scripting XSS vulnerability of the hyperlink base in the HTML page header. The HTML page is formed without sanitizing the hyperlink base. Versions 3.7.0,...

CVSS 4.8 · AI score 5.6 · EPSS 0.00346
Exploits: 1 · References: 4
Cvelist
added 2025/01/03 5:19 p.m. · 17 views

CVE-2024-56411 PhpSpreadsheet has Cross-Site Scripting (XSS) vulnerability of the hyperlink base in the HTML page header

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have a cross-site scripting XSS vulnerability of the hyperlink base in the HTML page header. The HTML page is formed without sanitizing the hyperlink base. Versions 3.7.0,...

CVSS 4.8 · EPSS 0.00346
Exploits: 1 · References: 2
CVE
added 2025/01/03 5:19 p.m. · 64 views

CVE-2024-56411

CVE-2024-56411 concerns PhpSpreadsheet: an XSS vulnerability in the hyperlink base used when generating HTML headers via PhpOffice\PhpSpreadsheet\Writer\Html. The issue arises because the HTML page header is built without sanitizing the hyperlink base, potentially allowing malicious payloads when...

CVSS 5.4 · AI score 5.5 · EPSS 0.00346
Exploits: 1 · References: 2 · Affected Software: 1
Positive Technologies
added 2024/12/23 12:0 a.m. · 3 views

PT-2024-10178 · Unknown · Phpspreadsheet

Name of the Vulnerable Software and Affected Versions: PhpSpreadsheet versions prior to 3.7.0 PhpSpreadsheet versions prior to 2.3.5 PhpSpreadsheet versions prior to 2.1.6 PhpSpreadsheet versions prior to 1.29.7 Description: The issue is related to a cross-site scripting XSS vulnerability of the...

CVSS 5.4 · AI score 6 · EPSS 0.00346
Exploits: 1 · References: 13
NVD
added 2024/12/20 9:15 p.m. · 9 views

CVE-2024-56359

grist-core is a spreadsheet hosting server. A user visiting a malicious document and clicking on a link in a HyperLink cell using a control modifier meaning for example Ctrl+click could have their account compromised, since the link could use the javascript: scheme and be evaluated in the context...

CVSS 8.1 · EPSS 0.00298
Exploits: 0 · References: 2
Vulnrichment
added 2024/12/20 8:24 p.m. · 8 views

CVE-2024-56359 Cross-site Scripting vulnerability through HyperLink cells in grist-core

grist-core is a spreadsheet hosting server. A user visiting a malicious document and clicking on a link in a HyperLink cell using a control modifier meaning for example Ctrl+click could have their account compromised, since the link could use the javascript: scheme and be evaluated in the context...

CVSS 8.1 · AI score 8 · EPSS 0.00298
Exploits: 0 · References: 2
CVE
added 2024/12/20 8:24 p.m. · 53 views

CVE-2024-56359

CVE-2024-56359 affects Grist Core: the vulnerability lies in HyperLink cells where clicking a link with a control modifier (e.g., Ctrl+Click) could cause a javascript: URL to run in the current page context, potentially compromising the user’s account. Root cause is mis-sanitized or untrusted Jav...

CVSS 8.1 · AI score 8 · EPSS 0.00298
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2024/12/20 8:24 p.m. · 9 views

CVE-2024-56359 Cross-site Scripting vulnerability through HyperLink cells in grist-core

grist-core is a spreadsheet hosting server. A user visiting a malicious document and clicking on a link in a HyperLink cell using a control modifier meaning for example Ctrl+click could have their account compromised, since the link could use the javascript: scheme and be evaluated in the context...

CVSS 8.1 · AI score 6.7 · EPSS 0.00298
Exploits: 0 · References: 4
Positive Technologies
added 2024/12/20 12:0 a.m. · 1 views

PT-2024-36801 · Unknown · Grist-Core

Name of the Vulnerable Software and Affected Versions: grist-core versions prior to 1.3.2 Description: The issue arises when a user visits a malicious document and clicks on a link in a HyperLink cell using a control modifier, such as Ctrl+click. This could lead to account compromise, as the link...

CVSS 8.1 · AI score 7.1 · EPSS 0.00298
Exploits: 0 · References: 7
Tenable Nessus
added 2024/10/21 12:0 a.m. · 13 views

Adobe InDesign 14.0.0 < 14.0.2 Arbitrary Code Execution (APSB19-23) (macOS)

The version of Adobe InDesign installed on the remote macOS host is prior to 14.0.2. It is, therefore, affected by a vulnerability as referenced in the APSB19-23 advisory. - Adobe InDesign versions 14.0.1 and below have an unsafe hyperlink processing vulnerability. Successful exploitation could...

CVSS 10 · AI score 8.9 · EPSS 0.27809
Exploits: 0 · References: 2
NVD
added 2024/10/17 8:15 p.m. · 9 views

CVE-2024-49279

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Daniel Floeter Hyperlink Group Block hyperlink-group-block allows Stored XSS. This issue affects Hyperlink Group Block: from n/a through <= 1.17.5...

CVSS 6.5 · EPSS 0.00245
Exploits: 0 · References: 1
Vulnrichment
added 2024/10/17 7:17 p.m. · 6 views

CVE-2024-49279 WordPress Hyperlink Group Block plugin <= 1.17.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in TipTopPress Hyperlink Group Block allows Stored XSS. This issue affects Hyperlink Group Block: from n/a through 1.17.5...

CVSS 6.5 · AI score 6.8 · EPSS 0.00245
Exploits: 0 · References: 1
CVE
added 2024/10/17 7:17 p.m. · 46 views

CVE-2024-49279

CVE-2024-49279 concerns WordPress Hyperlink Group Block plugin, affected versions

CVSS 6.5 · AI score 5.9 · EPSS 0.00245
Exploits: 0 · References: 1
Cvelist
added 2024/10/17 7:17 p.m. · 17 views

CVE-2024-49279 WordPress Hyperlink Group Block plugin <= 1.17.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Daniel Floeter Hyperlink Group Block hyperlink-group-block allows Stored XSS. This issue affects Hyperlink Group Block: from n/a through <= 1.17.5...

CVSS 6.5 · EPSS 0.00245
Exploits: 0 · References: 1
Positive Technologies
added 2024/10/17 12:0 a.m. · 3 views

PT-2024-33418 · Tiptoppress · Tiptoppress Hyperlink Group Block

Name of the Vulnerable Software and Affected Versions: TipTopPress Hyperlink Group Block versions 1.17.5 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks...

CVSS 6.5 · AI score 5.9 · EPSS 0.00245
Exploits: 0 · References: 5
CNNVD
added 2024/10/17 12:0 a.m. · 1 views

WordPress plugin Hyperlink Group Block cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...

CVSS 6.5 · AI score 6 · EPSS 0.00245
Exploits: 0 · References: 2
Patchstack
added 2024/10/15 10:2 a.m. · 2 views

WordPress Hyperlink Group Block plugin <= 1.17.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Khalid Yusuf Patchstack Alliance in WordPress Plugin Hyperlink Group Block versions <= 1.17.5...

CVSS 6.5 · AI score 6.1 · EPSS 0.00245
Exploits: 0 · Affected Software: 1
Patchstack
added 2024/10/15 12:0 a.m. · 13 views

WordPress Hyperlink Group Block Plugin <= 1.17.5 is vulnerable to Cross Site Scripting (XSS)

Software Hyperlink Group Block Type Plugin Vulnerable versions <= 1.17.5 Fixed in 1.17.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49279 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c125a0adb315 Credits Khalid Yusuf Required privileg...

CVSS 6.5 · AI score 6.8 · EPSS 0.00245
Exploits: 0 · References: 2 · Affected Software: 1