GHSA-x6mh-rjwm-8ph7: Cross-site Scripting vulnerability in SimpleXLSXEx::readXfs and SimpleXLSX::toHTMLEx

Impact

When the extended toHTMLEx method is called, it is possible for arbitrary JavaScript code to execute in the browser that displays the generated HTML.

Patches

The supplied patch resolves this vulnerability in SimpleXLSX. Upgrade to version 1.1.12.

Workarounds

Do not publish the output of toHTMLEx directly.


This vulnerability was discovered by Aleksey Solovev (Positive Technologies)
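One way to follow the workaround above, as an added example that is not part of the advisory or the SimpleXLSX project: build the table from the raw cell values returned by rows() and escape every value yourself, instead of publishing the output of toHTMLEx. It assumes the Composer autoloader and the Shuchkin\SimpleXLSX class from shuchkin/simplexlsx; the file name book.xlsx and the sample rows are constructed.

```php
<?php
// Added example (not from the advisory or the SimpleXLSX project): render
// spreadsheet cells as an HTML table with every value escaped, instead of
// echoing the output of toHTMLEx() directly. Assumes the Composer autoloader
// and the Shuchkin\SimpleXLSX class from shuchkin/simplexlsx.
require __DIR__ . '/vendor/autoload.php';

use Shuchkin\SimpleXLSX;

/**
 * Build an HTML table from raw cell values. Each cell goes through
 * htmlspecialchars() so that markup stored in the workbook is shown as
 * text rather than interpreted by the browser. Cell styles are dropped.
 */
function renderEscapedTable(array $rows): string
{
    $html = "<table>\n";
    foreach ($rows as $row) {
        $html .= '<tr>';
        foreach ($row as $cell) {
            $html .= '<td>'
                . htmlspecialchars((string) $cell, ENT_QUOTES | ENT_HTML5, 'UTF-8')
                . '</td>';
        }
        $html .= "</tr>\n";
    }
    return $html . "</table>\n";
}

// Constructed sample rows standing in for a workbook the site did not author.
$sampleRows = [
    ['Name', 'Note'],
    ['Alice', '<script>alert(1)</script>'],
];
echo renderEscapedTable($sampleRows);
// The second row is emitted as &lt;script&gt;...&lt;/script&gt;, so nothing runs.

// Same approach on a real file (book.xlsx is a placeholder name): take the
// values from rows() and escape them here rather than calling toHTMLEx().
if (($xlsx = SimpleXLSX::parse('book.xlsx')) !== false) {
    echo renderEscapedTable($xlsx->rows());
} else {
    echo 'Parse error: ' . SimpleXLSX::parseError() . "\n";
}
```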

CVE-2024-55878 (GitHub Advisory Database, GitHub Reviewed)

Moderate severity GitHub Reviewed Published Dec 12, 2024 in shuchkin/simplexlsx • Updated Dec 12, 2024

Package

shuchkin/simplexlsx (Composer)

Affected versions

>= 1.0.12, < 1.1.12

References

  • GHSA-x6mh-rjwm-8ph7
  • shuchkin/simplexlsx@cb4e716

Published to the GitHub Advisory Database

Dec 12, 2024

Last updated

Dec 12, 2024
