CVE-2024-56411
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-56411
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-56411.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-56411
- Aliases
- Published
- 2025-01-03T18:15:16Z
- Modified
- 2025-01-15T05:17:12.966712Z
- Summary
- [none]
- Details
-
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have a cross-site scripting (XSS) vulnerability of the hyperlink base in the HTML page header. The HTML page is formed without sanitizing the hyperlink base. Versions 3.7.0, 2.3.5, 2.1.6, and 1.29.7 contain a patch for the issue.
- References
Affected packages
Git / github.com/phpoffice/phpspreadsheet
Affected ranges
- Type
- GIT
- Repo
- https://github.com/phpoffice/phpspreadsheet
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.0.0
1.0.0-beta
1.0.0-beta2
1.1.0
1.10.0
1.10.1
1.11.0
1.12.0
1.13.0
1.14.0
1.14.1
1.15.0
1.16.0
1.17.0
1.17.1
1.18.0
1.19.0
1.2.0
1.2.1
1.20.0
1.21.0
1.22.0
1.23.0
1.24.0
1.24.1
1.25.0
1.25.1
1.25.2
1.27.0
1.28.0
1.29.0
1.3.0
1.3.1
1.4.0
1.4.1
1.5.0
1.5.1
1.5.2
1.6.0
1.7.0
1.8.0
1.8.1
1.8.2
1.9.0
2.*
2.0.0
2.1.0
2.2.0
2.2.1
2.2.2
3.*
3.3.0
3.4.0
3.5.0
3.6.0
Other
phpexcel-last-cherry-picked-commit
phpexcel-last-release-1.*
phpexcel-last-release-1.8.1