Количество 3
Количество 3
CVE-2024-56412
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to bypass of the cross-site scripting sanitizer using the javascript protocol and special characters. An attacker can use special characters, so that the library processes the javascript protocol with special characters and generates an HTML link. Versions 3.7.0, 2.3.5, 2.1.6, and 1.29.7 contain a patch for the issue.
GHSA-q9jv-mm3r-j47r
PhpSpreadsheet allows bypass XSS sanitizer using the javascript protocol and special characters
BDU:2025-00508
Уязвимость функции generateRow() PHP-библиотеки PhpSpreadsheet, позволяющая нарушителю проводить межсайтовые сценарные атаки
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-56412 PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to bypass of the cross-site scripting sanitizer using the javascript protocol and special characters. An attacker can use special characters, so that the library processes the javascript protocol with special characters and generates an HTML link. Versions 3.7.0, 2.3.5, 2.1.6, and 1.29.7 contain a patch for the issue. | CVSS3: 5.4 | 0% Низкий | около 1 года назад |
| GHSA-q9jv-mm3r-j47r PhpSpreadsheet allows bypass XSS sanitizer using the javascript protocol and special characters | CVSS3: 5.4 | 0% Низкий | около 1 года назад |
 | BDU:2025-00508 Уязвимость функции generateRow() PHP-библиотеки PhpSpreadsheet, позволяющая нарушителю проводить межсайтовые сценарные атаки | CVSS3: 5.4 | 0% Низкий | около 1 года назад |
Уязвимостей на страницу