PT-2024-36597 · Unknown · Simplexlsx

Aleksey Solovev · Published 2024-12-12 · Updated 2024-12-13 · CVE-2024-55878

CVSS v3.1: 6.8 Medium

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SimpleXLSX versions 1.0.12 through 1.1.12

Description

The issue allows execution of arbitrary JavaScript code when the extended toHTMLEx method is called. It can be exploited in versions prior to 1.1.12. The estimated number of potentially affected devices is not provided. There is no information about real-world incidents in which this issue was exploited. The technical details of the exploitation involve the toHTMLEx method, which can execute arbitrary JavaScript code.

Recommendations

For versions 1.0.12 through 1.1.12, update to version 1.1.12 to resolve the issue. As a temporary workaround, consider not using direct publication via the toHTMLEx method until the issue is resolved.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-55878
GHSA-X6MH-RJWM-8PH7

Affected Products

Simplexlsx