CVE-2024-56410
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-56410
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-56410.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-56410
- Aliases
- Published
- 2025-01-03T17:17:52Z
- Modified
- 2025-10-14T18:56:29.697404Z
- Severity
-
- 4.8 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N CVSS Calculator
- Summary
- PhpSpreadsheet has Cross-Site Scripting (XSS) vulnerability in custom properties
- Details
-
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have a cross-site scripting (XSS) vulnerability in custom properties. The HTML page is generated without clearing custom properties. Versions 3.7.0, 2.3.5, 2.1.6, and 1.29.7 contain a patch for the issue.
- References
Affected packages
Git / github.com/PHPOffice/PhpSpreadsheet
Affected ranges
- Type
- GIT
- Repo
- https://github.com/PHPOffice/PhpSpreadsheet
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/PHPOffice/PhpSpreadsheet
- Events
- Type
- GIT
- Repo
- https://github.com/PHPOffice/PhpSpreadsheet
- Events
Affected versions
1.*
1.0.0
1.0.0-beta
1.0.0-beta2
1.1.0
1.10.0
1.10.1
1.11.0
1.12.0
1.13.0
1.14.0
1.14.1
1.15.0
1.16.0
1.17.0
1.17.1
1.18.0
1.19.0
1.2.0
1.2.1
1.20.0
1.21.0
1.22.0
1.23.0
1.24.0
1.24.1
1.25.0
1.25.1
1.25.2
1.27.0
1.28.0
1.29.0
1.29.1
1.29.2
1.29.4
1.29.5
1.29.6
1.3.0
1.3.1
1.4.0
1.4.1
1.5.0
1.5.1
1.5.2
1.6.0
1.7.0
1.8.0
1.8.1
1.8.2
1.9.0
2.*
2.0.0
2.1.0
2.1.1
2.1.3
2.1.4
2.1.5
2.2.0
2.2.1
2.2.2
2.3.0
2.3.2
2.3.3
2.3.4
Other
phpexcel-last-cherry-picked-commit
phpexcel-last-release-1.*
phpexcel-last-release-1.8.1