CVE-2024-45292

CVSS V2 None CVSS V3 None
Description
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. `\PhpOffice\PhpSpreadsheet\Writer\Html` does not sanitize "javascript:" URLs from hyperlink `href` attributes, resulting in a Cross-Site Scripting vulnerability. This issue has been addressed in release versions 1.29.2, 2.1.1, and 2.3.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.
Overview
  • CVE ID
  • CVE-2024-45292
  • Assigner
  • GitHub_M
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-10-07T20:06:13.595Z
  • Last Modified Date
  • 2024-10-07T20:26:37.224Z
References
History
Created Old Value New Value Data Type Notes
2024-10-08 13:28:58 Added to TrackCVE