CVE-2024-45292 Information

Description

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. \PhpOffice\PhpSpreadsheet\Writer\Html does not sanitize \javascript:\ URLs from hyperlink href attributes resulting in a Cross-Site Scripting vulnerability. This issue has been addressed in release versions 1.29.2 2.1.1 and 2.3.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.

Reference

https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-r8w8-74ww-j4wh