4 matches found
CVE-2024-56412
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to bypass of the cross-site scripting sanitizer using the javascript protocol and special characters. An attacker can use special characters, so that the...
CVE-2024-56412
creationtimestamp| type| source ---|---|--- 2025-01-03 17:27:46+00:00| seen| https://infosec.exchange/users/cve/statuses/113765598079911257 2025-01-03 20:21:58+00:00| seen| https://t.me/cvedetector/14237...
CVE-2024-56412
PhpSpreadsheet vulnerability CVE-2024-56412 allows bypassing the XSS sanitizer via the javascript protocol and special characters in the Writer\Html component (generateRow). Affected versions are before 3.7.0, 2.3.5, 2.1.6, and 1.29.7. The issue can cause an attacker-created HTML link to be gener...
CVE-2024-56412 PhpSpreadsheet vulnerable to bypass of the XSS sanitizer using the javascript protocol and special characters
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to bypass of the cross-site scripting sanitizer using the javascript protocol and special characters. An attacker can use special characters, so that the...