{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-30T00:04:25.635","vulnerabilities":[{"cve":{"id":"CVE-2024-56412","sourceIdentifier":"security-advisories@github.com","published":"2025-01-03T18:15:16.380","lastModified":"2025-03-06T14:07:41.677","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to bypass of the cross-site scripting sanitizer using the javascript protocol and special characters. An attacker can use special characters, so that the library processes the javascript protocol with special characters and generates an HTML link. Versions 3.7.0, 2.3.5, 2.1.6, and 1.29.7 contain a patch for the issue."},{"lang":"es","value":"PhpSpreadsheet es una librería PHP para leer y escribir archivos de hojas de cálculo. Las versiones anteriores a 3.7.0, 2.3.5, 2.1.6 y 1.29.7 son vulnerables a la omisión del desinfectado de cross site scripting mediante el protocolo JavaScript y caracteres especiales. Un atacante puede utilizar caracteres especiales, de modo que la librería procese el protocolo JavaScript con caracteres especiales y genere un enlace HTML. Las versiones 3.7.0, 2.3.5, 2.1.6 y 1.29.7 contienen un parche para el problema."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:phpoffice:phpspreadsheet:*:*:*:*:*:*:*:*","versionEndExcluding":"1.29.7","matchCriteriaId":"2A1A215A-BBAE-4518-8738-717AF6F9C7CB"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpoffice:phpspreadsheet:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.1.6","matchCriteriaId":"1D053213-50AD-4AFA-9659-6EADF780E2D0"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpoffice:phpspreadsheet:*:*:*:*:*:*:*:*","versionStartIncluding":"2.2.0","versionEndExcluding":"2.3.5","matchCriteriaId":"F5F84150-8F2B-44AF-8AAB-DE0A83319416"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpoffice:phpspreadsheet:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.7.0","matchCriteriaId":"AC92FDF6-4E94-4706-9501-583EF3DCA2FD"}]}]}],"references":[{"url":"https://github.com/PHPOffice/PhpSpreadsheet/commit/45052f88e04c735d56457a8ffcdc40b2635a028e","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-q9jv-mm3r-j47r","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}