Lucene search
+L

4 matches found

NVD
NVD
added 2025/01/03 6:15 p.m.20 views

CVE-2024-56412

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to bypass of the cross-site scripting sanitizer using the javascript protocol and special characters. An attacker can use special characters, so that the...

5.4CVSS0.00373EPSS
Exploits1References2
Circl
Circl
added 2025/01/03 5:27 p.m.11 views

CVE-2024-56412

creationtimestamp| type| source ---|---|--- 2025-01-03 17:27:46+00:00| seen| https://infosec.exchange/users/cve/statuses/113765598079911257 2025-01-03 20:21:58+00:00| seen| https://t.me/cvedetector/14237...

5.4CVSS4.8AI score0.00373EPSS
Exploits1References2
CVE
CVE
added 2025/01/03 5:20 p.m.60 views

CVE-2024-56412

PhpSpreadsheet vulnerability CVE-2024-56412 allows bypassing the XSS sanitizer via the javascript protocol and special characters in the Writer\Html component (generateRow). Affected versions are before 3.7.0, 2.3.5, 2.1.6, and 1.29.7. The issue can cause an attacker-created HTML link to be gener...

5.4CVSS6AI score0.00373EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/01/03 5:20 p.m.11 views

CVE-2024-56412 PhpSpreadsheet vulnerable to bypass of the XSS sanitizer using the javascript protocol and special characters

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to bypass of the cross-site scripting sanitizer using the javascript protocol and special characters. An attacker can use special characters, so that the...

4.8CVSS6AI score0.00373EPSS
Exploits1References4
Rows per page
Query Builder