First published: Mon Dec 23 2024
### Impact

When calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code.

### Patches

The supplied patch resolves this vulnerability for SimpleXLSX. Use 1.1.13.

### Workarounds

Don't use data publication via toHTMLEx.

***

This vulnerability was discovered by Aleksey Solovev (Positive Technologies).

| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/shuchkin/simplexlsx | >=1.0.12 <1.1.13 | 1.1.13 |