CVE-2024-55878 Information

Description

SimpleXLSX is software for parsing and retrieving data from Excel XLSx files. Starting in version 1.0.12 and prior to version 1.1.12, when calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. Version 1.1.12 fixes the issue. As a workaround, don’t use direct publication via toHTMLEx.

Reference

https://github.com/shuchkin/simplexlsx/commit/cb4e716259e83d18e89292a4f1b721f4d34e28c2
https://github.com/shuchkin/simplexlsx/security/advisories/GHSA-x6mh-rjwm-8ph7
