3 matches found
CVE-2024-45060
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. One of the sample scripts in PhpSpreadsheet is susceptible to a cross-site scripting XSS vulnerability due to improper handling of input where a number is expected leading to formula injection. The code in in...
CVE-2024-45060
Summary (CVE-2024-45060) PhpSpreadsheet (PHPOffice) contains a cross-site scripting (XSS) vulnerability in a sample file. The issue arises when user-supplied input is concatenated directly into spreadsheet formulas in the 45_Quadratic_equation_solver.php script, enabling formula injection and Jav...
Cross-site Scripting (XSS)
Overview phpoffice/phpspreadsheet is a Spreadsheet engine that Read, Create and Write Spreadsheet documents in PHP . Affected versions of this package are vulnerable to Cross-site Scripting XSS through the discriminantFormula and r1Formula processes due to improper user input sanitization. An...