CVE-2024-55878
CVSS 3.1 Score 6.8 of 10 (medium)
Details
Published Dec 12, 2024
CWE ID 79
Summary
CVE-2024-55878 is a vulnerability affecting SimpleXLSX, a software used for parsing and retrieving data from Excel XLSx files. Prior to version 1.1.12, calling the extended toHTMLEx method in SimpleXLSX allowed for the execution of arbitrary JavaScript code. This issue was present in versions 1.0.12 and earlier. To mitigate the risk, users are advised not to use direct publication via the toHTMLEx method until updating to version 1.1.12 or later.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share