PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have a cross-site scripting (XSS) vulnerability in custom properties. The HTML page is generated without clearing custom properties. Versions 3.7.0, 2.3.5, 2.1.6, and 1.29.7 contain a patch for the issue.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56410.json",
"cna_assigner": "GitHub_M",
"cwe_ids": [
"CWE-79"
]
}{
"source": [
"CPE_RANGE",
"REFERENCES"
],
"cpe": "cpe:2.3:a:phpoffice:phpspreadsheet:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "1.29.7"
},
{
"introduced": "2.0.0"
},
{
"fixed": "2.1.6"
},
{
"introduced": "2.2.0"
},
{
"fixed": "2.3.5"
},
{
"introduced": "3.3.0"
},
{
"fixed": "3.7.0"
}
]
}