GHSA-x6mh-rjwm-8ph7: Cross-site Scripting vulnerability in SimpleXLSXEx::readXfs and SimpleXLSX::toHTMLEx
Impact
The extended toHTMLEx method renders spreadsheet content into HTML without adequately escaping it. A crafted .xlsx file can therefore carry arbitrary JavaScript that executes in the browser of anyone who views the HTML produced by toHTMLEx (cross-site scripting).
Patches
Fixed in shuchkin/simplexlsx 1.1.12 (commit cb4e716). Upgrade to 1.1.12 or later.
Workarounds
Do not publish the HTML returned by toHTMLEx directly to users while on an affected version. Until you can upgrade, build the markup from the raw cell values yourself and escape every value before output.
This vulnerability was discovered by Aleksey Solovev (Positive Technologies)
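The workaround above, as an added example that is not part of the advisory or the SimpleXLSX project's own code: it renders a worksheet to an HTML table from the raw cell values returned by rows(), escaping each one, so toHTMLEx is never called, and it reports whether the installed package is still inside the affected range. It assumes a Composer 2 autoloader (for Composer\InstalledVersions), the Shuchkin\SimpleXLSX class from the shuchkin/simplexlsx package, and that rows() returns plain scalar cell values; the file name render.php and the input upload.xlsx are placeholders.

```php
<?php
// Added example, not code from the advisory or from shuchkin/simplexlsx.
// Renders a workbook to HTML without toHTMLEx and flags an unpatched install.
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php';   // assumption: Composer 2 autoloader

use Composer\InstalledVersions;
use Shuchkin\SimpleXLSX;

// From the advisory: versions >= 1.0.12 and < 1.1.12 are affected.
const SIMPLEXLSX_FIXED_VERSION = '1.1.12';

/**
 * True when the installed shuchkin/simplexlsx is at or above the fixed release.
 * Dev/branch versions are not comparable and are treated as unpatched.
 */
function simplexlsxIsPatched(): bool
{
    if (!InstalledVersions::isInstalled('shuchkin/simplexlsx')) {
        return false;
    }
    $installed = InstalledVersions::getVersion('shuchkin/simplexlsx');
    if ($installed === null) {
        return false;
    }
    return version_compare(ltrim($installed, 'v'), SIMPLEXLSX_FIXED_VERSION, '>=');
}

/**
 * Escape one cell value for use as HTML text.
 * ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid UTF-8
 * instead of returning an empty string, which would silently drop the cell.
 */
function escapeCell($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
 * Build an HTML table from the cell values of one worksheet only.
 * Cell styles, number formats and hyperlinks are deliberately not carried
 * into the markup, so nothing from the file reaches the page unescaped.
 */
function sheetToSafeHtml(SimpleXLSX $xlsx, int $sheetIndex = 0): string
{
    $html = "<table>\n";
    foreach ($xlsx->rows($sheetIndex) as $row) {
        $html .= '<tr>';
        foreach ($row as $cell) {
            $html .= '<td>' . escapeCell($cell) . '</td>';
        }
        $html .= "</tr>\n";
    }
    return $html . "</table>\n";
}

// Usage (placeholder names): php render.php upload.xlsx > out.html
if (PHP_SAPI === 'cli' && isset($argv[1])) {
    if (!simplexlsxIsPatched()) {
        // The escaped rendering below is still safe; toHTMLEx is what must not be used.
        fwrite(STDERR, 'shuchkin/simplexlsx is older than ' . SIMPLEXLSX_FIXED_VERSION
            . "; do not publish toHTMLEx output from this version\n");
    }
    $xlsx = SimpleXLSX::parse($argv[1]);
    if ($xlsx === false) {
        fwrite(STDERR, 'parse failed: ' . SimpleXLSX::parseError() . "\n");
        exit(1);
    }
    echo sheetToSafeHtml($xlsx);
}
```

The version check is a diagnostic, not the control: the escaped table stays safe on either side of 1.1.12 because the file's content only ever reaches the page through htmlspecialchars. If you need formatting, apply it from your own templates rather than from values read out of the workbook.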
CVE ID
CVE-2024-55878
Moderate severity · GitHub Reviewed · Published Dec 12, 2024 in shuchkin/simplexlsx · Updated Dec 12, 2024
Package
shuchkin/simplexlsx (Composer)
Affected versions
>= 1.0.12, < 1.1.12
References
- GHSA-x6mh-rjwm-8ph7
- shuchkin/simplexlsx@cb4e716
Published to the GitHub Advisory Database
Dec 12, 2024
Last updated
Dec 12, 2024