Home > Vulnerability Database > CVE-2024-55878

Mend.io Vulnerability Database

CVE-2024-55878

Date: December 12, 2024

SimpleXLSX is software for parsing and retrieving data from Excel XLSx files. Starting in version 1.0.12 and prior to version 1.1.12, when calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. Version 1.1.12 fixes the issue. As a workaround, don't use direct publication via toHTMLEx.

Language: PHP

Severity Score

6.8

Related Resources (5)

Url: https://github.com/shuchkin/simplexlsx/commit/cb4e716259e83d18e89292a4f1b721f4d34e28c2

Url: https://github.com/shuchkin/simplexlsx/security/advisories/GHSA-x6mh-rjwm-8ph7

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-55878

Url: https://github.com/shuchkin/simplexlsx

Url: https://www.mend.io/vulnerability-database/CVE-2024-55878

Severity Score

6.8

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	6.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-55878

Date: December 12, 2024

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?