Home > Vulnerability Database > CVE-2024-56364

Mend.io Vulnerability Database

CVE-2024-56364

Date: December 23, 2024

SimpleXLSX is software for parsing and retrieving data from Excel XLSx files. Starting in 1.0.12 and ending in 1.1.13, when calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. This vulnerability is fixed in 1.1.13.

Severity Score

5.4

Related Resources (5)

Url: https://github.com/shuchkin/simplexlsx/commit/71a5e3d40d14e33161f8a40b3fd02de542218ef0

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-56364

Url: https://github.com/shuchkin/simplexlsx/security/advisories/GHSA-r87q-fj25-f8jf

Url: https://github.com/shuchkin/simplexlsx

Url: https://www.mend.io/vulnerability-database/CVE-2024-56364

Severity Score

5.4

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-56364

Date: December 23, 2024

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?