CVE-2024-45046

CVSS V2 None CVSS V3 None
Description
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. In affected versions `\PhpOffice\PhpSpreadsheet\Writer\Html` doesn't sanitize spreadsheet styling information such as font names, allowing an attacker to inject arbitrary JavaScript on the page. As a result an attacker may used a crafted spreadsheet to fully takeover a session of a user viewing spreadsheet files as HTML. This issue has been addressed in release version 2.1.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.
Overview
  • CVE ID
  • CVE-2024-45046
  • Assigner
  • GitHub_M
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-08-28T20:41:23.628Z
  • Last Modified Date
  • 2024-08-28T20:41:23.628Z
History
Created Old Value New Value Data Type Notes
2024-08-29 13:08:46 Added to TrackCVE