Cross-Site Scripting Vulnerability in PhpSpreadsheet Library
CVE-2024-56410
5.4MEDIUM
What is CVE-2024-56410?
PhpSpreadsheet, a widely used PHP library for reading and writing spreadsheet files, is susceptible to a cross-site scripting (XSS) vulnerability present in versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7. This vulnerability arises from the failure to sanitize custom properties when generating HTML pages, potentially allowing an attacker to inject malicious scripts through unfiltered input. The issue has been addressed in subsequent patch releases. Developers utilizing affected versions are advised to upgrade to ensure the integrity and security of their applications.