Cross-Site Scripting Vulnerability in PhpSpreadsheet Library
CVE-2024-56410
5.4MEDIUM
What is CVE-2024-56410?
PhpSpreadsheet, a widely used PHP library for reading and writing spreadsheet files, is susceptible to a cross-site scripting (XSS) vulnerability present in versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7. This vulnerability arises from the failure to sanitize custom properties when generating HTML pages, potentially allowing an attacker to inject malicious scripts through unfiltered input. The issue has been addressed in subsequent patch releases. Developers utilizing affected versions are advised to upgrade to ensure the integrity and security of their applications.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published