Kristina Igorevna
@krissss
A new vulnerability! CVE-2024-45060. PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. One of the example scripts shipped with PhpSpreadsheet is vulnerable to cross-site scripting (XSS) due to incorrect handling of input where a number is expected, which leads to formula injection. The code in `45_Quadratic_equation_solver.php` concatenates user-provided parameters directly into spreadsheet formulas. This lets an attacker take control of the formula and output raw data to the page, which leads to JavaScript execution. The issue has been fixed in releases 1.29.2, 2.1.1 and 2.3.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. Classified by CWE, the problem is CWE-79: the product does not neutralize, or incorrectly neutralizes, user-controllable input before it is placed in output that is used as a web page served by
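The pattern the post describes, shown as an added illustration that is not the PhpSpreadsheet project's code and not the contents of `45_Quadratic_equation_solver.php`: a coefficient string is interpolated into a discriminant formula, so a value that is not a number rewrites the formula itself. The hostile input below uses only the spreadsheet string-concatenation operator `&` and a harmless literal; a script that echoed the engine's result without escaping would hand that string to the browser as markup. The hardened builder coerces every parameter to a float before any formula text exists, and the output side escapes regardless. It assumes PhpSpreadsheet is installed through Composer (`vendor/autoload.php`); the function names and the sample inputs are constructed for this example.

```php
<?php
// Added illustration of the injection pattern; not the project's own code.
// Assumption: PhpSpreadsheet installed via Composer, so vendor/autoload.php exists.
require 'vendor/autoload.php';

use PhpOffice\PhpSpreadsheet\Spreadsheet;

// Vulnerable pattern: request parameters interpolated straight into a formula.
// Whoever controls $a, $b, $c controls the formula text, not just its numbers.
function unsafeDiscriminantFormula(string $a, string $b, string $c): string
{
    return "=$b*$b-4*$a*$c";
}

// Hardened pattern: every parameter must validate as a float before it touches
// the formula. filter_var rejects anything that is not a decimal number; fail closed.
function safeDiscriminantFormula(string $a, string $b, string $c): string
{
    $nums = [];
    foreach ([$a, $b, $c] as $raw) {
        $n = filter_var($raw, FILTER_VALIDATE_FLOAT);
        if ($n === false) {
            throw new InvalidArgumentException('coefficients must be numeric');
        }
        $nums[] = $n;
    }
    [$a, $b, $c] = $nums;
    // Parenthesise each value so a negative coefficient cannot alter the
    // operator structure (e.g. "--4" from a leading minus sign).
    return sprintf('=(%F)*(%F)-4*(%F)*(%F)', $b, $b, $a, $c);
}

// Hand the formula to the calculation engine and return what it computes.
function evaluate(string $formula)
{
    $spreadsheet = new Spreadsheet();
    $sheet = $spreadsheet->getActiveSheet();
    $sheet->setCellValue('A1', $formula);
    return $sheet->getCell('A1')->getCalculatedValue();
}

// Output side: escape whatever the engine returns before it lands in HTML.
// This is the missing neutralisation step that CWE-79 describes.
function render($value): string
{
    return '<p>Discriminant: '
        . htmlspecialchars((string) $value, ENT_QUOTES | ENT_HTML5, 'UTF-8')
        . '</p>';
}

// Constructed inputs. In the hostile set, the third "coefficient" is not a number:
// it is formula syntax (& concatenates strings) that appends attacker-chosen text
// to the computed result. Any HTML placed in that literal would reach the page
// unescaped in a script that printed the raw value.
$benign  = ['1', '5', '6'];
$hostile = ['1', '5', '6&"<i>injected</i>"'];

echo render(evaluate(unsafeDiscriminantFormula(...$benign))), PHP_EOL;
// The unsafe builder accepts the hostile input; only render() keeps it inert here.
echo render(evaluate(unsafeDiscriminantFormula(...$hostile))), PHP_EOL;

try {
    // The hardened builder refuses the same input before any formula is built.
    safeDiscriminantFormula(...$hostile);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Both controls belong together: input validation stops the formula from being rewritten at all, and output escaping covers whatever the engine returns when validation is bypassed or forgotten. Neither replaces upgrading to a fixed release, which the advisory names as the only remedy for the shipped example script.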