Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

27 matches found

EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2024-3522

Malicious code in bioql PyPI...

6.8CVSS6.3AI score0.00296EPSS
Exploits0References4
EUVD
EUVDadded 2025/10/03 8:7 p.m.3 views

EUVD-2024-3611

Malicious code in bioql PyPI...

5.4CVSS6.3AI score0.00252EPSS
Exploits0References4
RedhatCVE
RedhatCVEadded 2025/05/23 9:7 a.m.4 views

CVE-2024-56364

SimpleXLSX is software for parsing and retrieving data from Excel XLSx files. Starting in 1.0.12 and ending in 1.1.13, when calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. This vulnerability is fixed in 1.1.13...

5.4CVSS7.4AI score0.00252EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/23 7:41 a.m.5 views

CVE-2024-55878

SimpleXLSX is software for parsing and retrieving data from Excel XLSx files. Starting in version 1.0.12 and prior to version 1.1.12, when calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. Version 1.1.12 fixes the issue. As a workaround, don't use direct...

6.8CVSS7.4AI score0.00296EPSS
Exploits0References1
BDU FSTEC
BDU FSTECadded 2024/12/26 12:0 a.m.1 views

The vulnerability of the library for extracting data from SimpleXLSX Excel files relates to the lack of protective measures for the website structure, allowing attackers to execute arbitrary JavaScript code.

The vulnerability of the library for extracting data from SimpleXLSX Excel files is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code remotely...

6.8CVSS0.00252EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blogadded 2024/12/23 6:18 p.m.12 views

Cross-site Scripting vulnerability in SimpleXLSXEx::readThemeColors, SimpleXLSXEx::getColorValue and SimpleXLSX::toHTMLEx

Impact When calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. Patches The supplied patch resolves this vulnerability for SimpleXLSX. Use 1.1.13 Workarounds Don't use data publication via toHTMLEx This vulnerability was discovered by Aleksey Solovev Positiv...

5.4CVSS7.7AI score0.00252EPSS
Exploits0References4Affected Software1
OSV
OSVadded 2024/12/23 6:18 p.m.7 views

GHSA-R87Q-FJ25-F8JF Cross-site Scripting vulnerability in SimpleXLSXEx::readThemeColors, SimpleXLSXEx::getColorValue and SimpleXLSX::toHTMLEx

Impact When calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. Patches The supplied patch resolves this vulnerability for SimpleXLSX. Use 1.1.13 Workarounds Don't use data publication via toHTMLEx This vulnerability was discovered by Aleksey Solovev Positiv...

6.8CVSS5.8AI score0.00252EPSS
Exploits0References4
NVD
NVDadded 2024/12/23 4:15 p.m.9 views

CVE-2024-56364

SimpleXLSX is software for parsing and retrieving data from Excel XLSx files. Starting in 1.0.12 and ending in 1.1.13, when calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. This vulnerability is fixed in 1.1.13...

5.4CVSS0.00252EPSS
Exploits0References2
OSV
OSVadded 2024/12/23 3:52 p.m.3 views

CVE-2024-56364 Cross-site Scripting vulnerability in SimpleXLSXEx::readThemeColors, SimpleXLSXEx::getColorValue and SimpleXLSX::toHTMLEx

SimpleXLSX is software for parsing and retrieving data from Excel XLSx files. Starting in 1.0.12 and ending in 1.1.13, when calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. This vulnerability is fixed in 1.1.13...

5.4CVSS7.2AI score0.00252EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2024/12/23 3:52 p.m.8 views

CVE-2024-56364 Cross-site Scripting vulnerability in SimpleXLSXEx::readThemeColors, SimpleXLSXEx::getColorValue and SimpleXLSX::toHTMLEx

SimpleXLSX is software for parsing and retrieving data from Excel XLSx files. Starting in 1.0.12 and ending in 1.1.13, when calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. This vulnerability is fixed in 1.1.13...

5.4CVSS7.3AI score0.00252EPSS
Exploits0References2
Cvelist
Cvelistadded 2024/12/23 3:52 p.m.14 views

CVE-2024-56364 Cross-site Scripting vulnerability in SimpleXLSXEx::readThemeColors, SimpleXLSXEx::getColorValue and SimpleXLSX::toHTMLEx

SimpleXLSX is software for parsing and retrieving data from Excel XLSx files. Starting in 1.0.12 and ending in 1.1.13, when calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. This vulnerability is fixed in 1.1.13...

5.4CVSS0.00252EPSS
Exploits0References2
CVE
CVEadded 2024/12/23 3:52 p.m.55 views

CVE-2024-56364

CVE-2024-56364 affects the SimpleXLSX PHP library. From versions 1.0.12 through 1.1.13, calling the extended toHTMLEx method could allow execution of arbitrary JavaScript, via the toHTMLEx component. The vulnerability is mitigated by upgrading to version 1.1.13 or newer, which contains the fix. R...

5.4CVSS5.9AI score0.00252EPSS
Exploits0References2
CNNVD
CNNVDadded 2024/12/23 12:0 a.m.1 views

SimpleXLSX 跨站脚本漏洞

SimpleXLSX is a tool by the individual developer Sergey Shuchkin. It is used to parse and retrieve data from Excel XLSx files. A cross-site scripting vulnerability exists in SimpleXLSX versions 1.0.12 through 1.1.13 that stems from the potential execution of arbitrary JavaScript code when using t...

5.4CVSS6.2AI score0.00252EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2024/12/21 12:0 a.m.5 views

PT-2024-56: Cross-site Scripting (XSS) in SimpleXLSX

The vulnerability was identified in SimpleXLSX versions 1.0.12-1.1.12. The discovered vulnerability allows an attacker to inject an arbitrary JavaScript code. Vulnerability status: Confirmed by vendor Date of vulnerability remediation: 21.12.2024 Recommendations: Update to version or higher...

6.8CVSS6.3AI score0.00252EPSS
Exploits0
Veracode
Veracodeadded 2024/12/18 5:40 a.m.9 views

Cross Site Scripting

SimpleXLSX is vulnerable to Cross Site Scripting. The vulnerability is due to insufficient input validation and sanitization in the toHTMLEx method, allowing the execution of arbitrary JavaScript code when processing Excel XLSx files...

6.8CVSS7AI score0.00296EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTECadded 2024/12/18 12:0 a.m.1 views

The vulnerability of the SimpleXLSX file reading extension lies in the lack of sanitization, allowing an attacker to execute arbitrary code.

The vulnerability of the SimpleXLSX file reading extension is related to the lack of sanitization. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

6.8CVSS5.9AI score
Exploits0References1Affected Software1
Positive Technologies
Positive Technologiesadded 2024/12/17 12:0 a.m.2 views

PT-2024-9826 · Unknown · Simplexlsx

Name of the Vulnerable Software and Affected Versions: SimpleXLSX versions 1.0.12 through 1.1.13 Description: The issue is related to the execution of arbitrary JavaScript code when calling the extended toHTMLEx method in SimpleXLSX. This can allow a remote attacker to execute arbitrary JavaScrip...

6.8CVSS8AI score0.00252EPSS
Exploits0References10
NVD
NVDadded 2024/12/12 8:15 p.m.9 views

CVE-2024-55878

SimpleXLSX is software for parsing and retrieving data from Excel XLSx files. Starting in version 1.0.12 and prior to version 1.1.12, when calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. Version 1.1.12 fixes the issue. As a workaround, don't use direct...

6.8CVSS0.00296EPSS
Exploits0References2
Github Security Blog
Github Security Blogadded 2024/12/12 7:22 p.m.11 views

Cross-site Scripting vulnerability in SimpleXLSXEx::readXfs and SimpeXLSX::toHTMLEx

Impact When calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. Patches The supplied patch resolves this vulnerability for SimpleXLSX. Use 1.1.12 Workarounds Don't use direct publication via toHTMLEx This vulnerability was discovered by Aleksey Solovev...

6.8CVSS7.5AI score0.00296EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichmentadded 2024/12/12 7:20 p.m.10 views

CVE-2024-55878 Cross-site Scripting vulnerability in SimpleXLSXEx::readXfs and SimpeXLSX::toHTMLEx

SimpleXLSX is software for parsing and retrieving data from Excel XLSx files. Starting in version 1.0.12 and prior to version 1.1.12, when calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. Version 1.1.12 fixes the issue. As a workaround, don't use direct...

6.8CVSS7.4AI score0.00296EPSS
Exploits0References2
Rows per page
Query Builder