CVE-2024-55878

CVSS 3.1 Score 6.8 of 10 (medium)

Details

Published Dec 12, 2024
CWE ID 79

Summary

CVE-2024-55878 is a vulnerability affecting SimpleXLSX, a software used for parsing and retrieving data from Excel XLSx files. Prior to version 1.1.12, calling the extended toHTMLEx method in SimpleXLSX allowed for the execution of arbitrary JavaScript code. This issue was present in versions 1.0.12 and earlier. To mitigate the risk, users are advised not to use direct publication via the toHTMLEx method until updating to version 1.1.12 or later.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share