fkie_cve-2024-56364
Vulnerability from fkie_nvd
Published
2024-12-23 16:15
Modified
2024-12-23 16:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
SimpleXLSX is software for parsing and retrieving data from Excel XLSx files. Starting in 1.0.12 and ending in 1.1.13, when calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. This vulnerability is fixed in 1.1.13.
References
security-advisories@github.comhttps://github.com/shuchkin/simplexlsx/commit/71a5e3d40d14e33161f8a40b3fd02de542218ef0
security-advisories@github.comhttps://github.com/shuchkin/simplexlsx/security/advisories/GHSA-r87q-fj25-f8jf
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SimpleXLSX is software for parsing and retrieving data from Excel XLSx files. Starting in 1.0.12 and ending in 1.1.13, when calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. This vulnerability is fixed in 1.1.13."
    },
    {
      "lang": "es",
      "value": "SimpleXLSX es un software para analizar y recuperar datos de archivos Excel XLSx. A partir de 1.0.12 y finalizando en 1.1.13, al llamar al m\u00e9todo toHTMLEx extendido, es posible ejecutar c\u00f3digo JavaScript arbitrario. Esta vulnerabilidad se solucion\u00f3 en 1.1.13."
    }
  ],
  "id": "CVE-2024-56364",
  "lastModified": "2024-12-23T16:15:07.770",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-12-23T16:15:07.770",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/shuchkin/simplexlsx/commit/71a5e3d40d14e33161f8a40b3fd02de542218ef0"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/shuchkin/simplexlsx/security/advisories/GHSA-r87q-fj25-f8jf"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.