
9 matches found

EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2024-3611

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 6.3 | EPSS 0.00252
Exploits: 0 | References: 4

RedhatCVE
added 2025/05/23 7:41 a.m., 4 views

CVE-2024-55878

SimpleXLSX is software for parsing and retrieving data from Excel XLSx files. Starting in version 1.0.12 and prior to version 1.1.12, when calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. Version 1.1.12 fixes the issue. As a workaround, don't use direct...

CVSS 6.8 | AI score 7.4 | EPSS 0.00296
Exploits: 0 | References: 1

OSV
added 2024/12/23 6:18 p.m., 7 views

GHSA-R87Q-FJ25-F8JF Cross-site Scripting vulnerability in SimpleXLSXEx::readThemeColors, SimpleXLSXEx::getColorValue and SimpleXLSX::toHTMLEx

Impact: When calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. Patches: The supplied patch resolves this vulnerability for SimpleXLSX. Use 1.1.13. Workarounds: Don't use data publication via toHTMLEx. This vulnerability was discovered by Aleksey Solovev Positiv...

CVSS 6.8 | AI score 5.8 | EPSS 0.00252
Exploits: 0 | References: 4

OSV
added 2024/12/23 3:52 p.m., 3 views

CVE-2024-56364 Cross-site Scripting vulnerability in SimpleXLSXEx::readThemeColors, SimpleXLSXEx::getColorValue and SimpleXLSX::toHTMLEx

SimpleXLSX is software for parsing and retrieving data from Excel XLSx files. Starting in 1.0.12 and ending in 1.1.13, when calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. This vulnerability is fixed in 1.1.13...

CVSS 5.4 | AI score 7.2 | EPSS 0.00252
Exploits: 0 | References: 4

CVE
added 2024/12/23 3:52 p.m., 48 views

CVE-2024-56364

CVE-2024-56364 affects the SimpleXLSX PHP library. From versions 1.0.12 through 1.1.13, calling the extended toHTMLEx method could allow execution of arbitrary JavaScript, via the toHTMLEx component. The vulnerability is mitigated by upgrading to version 1.1.13 or newer, which contains the fix. R...

CVSS 5.4 | AI score 5.9 | EPSS 0.00252
Exploits: 0 | References: 2

Veracode
added 2024/12/18 5:40 a.m., 9 views

Cross Site Scripting

SimpleXLSX is vulnerable to Cross Site Scripting. The vulnerability is due to insufficient input validation and sanitization in the toHTMLEx method, allowing the execution of arbitrary JavaScript code when processing Excel XLSx files...

CVSS 6.8 | AI score 7 | EPSS 0.00296
Exploits: 0 | References: 4 | Affected Software: 1

Github Security Blog
added 2024/12/12 7:22 p.m., 11 views

Cross-site Scripting vulnerability in SimpleXLSXEx::readXfs and SimpleXLSX::toHTMLEx

Impact: When calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. Patches: The supplied patch resolves this vulnerability for SimpleXLSX. Use 1.1.12. Workarounds: Don't use direct publication via toHTMLEx. This vulnerability was discovered by Aleksey Solovev...

CVSS 6.8 | AI score 7.5 | EPSS 0.00296
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2024/12/12 7:20 p.m., 4 views

CVE-2024-55878 Cross-site Scripting vulnerability in SimpleXLSXEx::readXfs and SimpleXLSX::toHTMLEx

SimpleXLSX is software for parsing and retrieving data from Excel XLSx files. Starting in version 1.0.12 and prior to version 1.1.12, when calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. Version 1.1.12 fixes the issue. As a workaround, don't use direct...

CVSS 6.8 | AI score 7.1 | EPSS 0.00296
Exploits: 0 | References: 4

Positive Technologies
added 2024/12/11 12:00 a.m., 5 views

PT-2024-55: Cross-site Scripting (XSS) in SimpleXLSX

The vulnerability was identified in SimpleXLSX, versions 1.0.12-1.1.11. The discovered vulnerability allows an attacker to inject arbitrary JavaScript code. Vulnerability status: Confirmed by vendor. Date of vulnerability remediation: 11.12.2024. Recommendations: Update to version 1.1.12 or high...

CVSS 6.8 | AI score 6.6 | EPSS 0.00296
Exploits: 0 | References: 1