Lucene search
K

4 matches found

NVD
NVD
added 2025/01/03 5:15 p.m.48 views

CVE-2024-56409

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the Currency.php file. Using the /vendor/phpoffice/phpspreadsheet/samples/Wizards/NumberFormat/Currency.php...

8.3CVSS0.00325EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/01/03 5:5 p.m.10 views

CVE-2024-56409 PhpSpreadsheet vulnerable to unauthorized reflected XSS in Currency.php file

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the Currency.php file. Using the /vendor/phpoffice/phpspreadsheet/samples/Wizards/NumberFormat/Currency.php...

8.3CVSS6AI score0.00325EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/01/03 5:5 p.m.50 views

CVE-2024-56409 PhpSpreadsheet vulnerable to unauthorized reflected XSS in Currency.php file

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the Currency.php file. Using the /vendor/phpoffice/phpspreadsheet/samples/Wizards/NumberFormat/Currency.php...

8.3CVSS0.00325EPSS
Exploits1References2
CVE
CVE
added 2025/01/03 5:5 p.m.64 views

CVE-2024-56409

CVE-2024-56409 concerns PhpSpreadsheet, a PHP library for spreadsheet handling. The vulnerability affects the vulnerable component in the Currency.php sample, where the currency parameter is not sanitized, allowing an unauthorized reflected cross-site scripting (XSS) attack when an attacker submi...

8.3CVSS6AI score0.00325EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder