CVE-2024-55878

Published Dec 12, 2024

Last updated 2 months ago

CVSS medium 6.8

Overview

Description
SimpleXLSX is software for parsing and retrieving data from Excel XLSx files. Starting in version 1.0.12 and prior to version 1.1.12, when calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. Version 1.1.12 fixes the issue. As a workaround, don't use direct publication via toHTMLEx.
Source
security-advisories@github.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.8
Impact score
4
Exploitability score
2.3
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Severity
MEDIUM

Weaknesses

security-advisories@github.com
CWE-79

Social media

Hype score
Not currently trending

  1. CVE-2024-55878 Arbitrary JavaScript Execution Vulnerability in SimpleXLSX Pre-1.1.12 SimpleXLSX helps to read data from Excel XLSx files. Versions from 1.0.12 to before 1.1.12 have an issue. Calling the extended ... https://t.co/Q3KNNTqN1K

    @VulmonFeeds

    13 Dec 2024

    37 Impressions

    1 Retweet

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

References