CVE-2024-55878

medium

Description

SimpleXLSX is software for parsing and retrieving data from Excel XLSx files. Starting in version 1.0.12 and prior to version 1.1.12, when calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. Version 1.1.12 fixes the issue. As a workaround, don't use direct publication via toHTMLEx.

References

https://github.com/shuchkin/simplexlsx/security/advisories/GHSA-x6mh-rjwm-8ph7

https://github.com/shuchkin/simplexlsx/commit/cb4e716259e83d18e89292a4f1b721f4d34e28c2

Details

Source: Mitre, NVD

Published: 2024-12-12

Updated: 2026-04-15

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 6.8

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00045