CVE-2025-23210
CVE-2025-23210
Título es
CVE-2025-23210
Lun, 03/02/2025 – 22:15
Tipo
CWE-79
Gravedad 2.0 Txt
Pendiente de análisis
Título en
CVE-2025-23210
Descripción en
phpoffice/phpspreadsheet is a pure PHP library for reading and writing spreadsheet files. Affected versions have been found to have a Bypass of the Cross-site Scripting (XSS) sanitizer using the javascript protocol and special characters. This issue has been addressed in versions 3.9.0, 2.3.7, 2.1.8, and 1.29.9. Users are advised to upgrade. There are no known workarounds for this vulnerability.
03/02/2025
03/02/2025
Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Gravedad 4.0
4.80
Gravedad 4.0 txt
MEDIUM
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis
Referencias
Enviar en el boletín
Off
