CVE-2024-56366
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-56366
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-56366.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-56366
- Aliases
- Related
- Published
- 2025-01-03T17:15:08Z
- Modified
- 2025-01-15T05:17:11.191936Z
- Summary
- [none]
- Details
-
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the
Accounting.phpfile. Using the/vendor/phpoffice/phpspreadsheet/samples/Wizards/NumberFormat/Accounting.phpscript, an attacker can perform a cross-site scripting attack. Versions 3.7.0, 2.3.5, 2.1.6, and 1.29.7 contain a patch for the issue. - References
Affected packages
Git / github.com/phpoffice/phpspreadsheet
Affected ranges
- Type
- GIT
- Repo
- https://github.com/phpoffice/phpspreadsheet
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.0.0
1.0.0-beta
1.0.0-beta2
1.1.0
1.10.0
1.10.1
1.11.0
1.12.0
1.13.0
1.14.0
1.14.1
1.15.0
1.16.0
1.17.0
1.17.1
1.18.0
1.19.0
1.2.0
1.2.1
1.20.0
1.21.0
1.22.0
1.23.0
1.24.0
1.24.1
1.25.0
1.25.1
1.25.2
1.27.0
1.28.0
1.29.0
1.3.0
1.3.1
1.4.0
1.4.1
1.5.0
1.5.1
1.5.2
1.6.0
1.7.0
1.8.0
1.8.1
1.8.2
1.9.0
2.*
2.0.0
2.1.0
2.2.0
2.2.1
2.2.2
3.*
3.3.0
3.4.0
3.5.0
3.6.0
Other
phpexcel-last-cherry-picked-commit
phpexcel-last-release-1.*
phpexcel-last-release-1.8.1