Sergey Shuchkin

2 exploits Active since Dec 2024
CVE-2024-55878 WRITEUP MEDIUM
SimpleXLSX 1.0.12-1.1.12 - Cross-Site Scripting via toHTMLEx Method
SimpleXLSX is software for parsing and retrieving data from Excel XLSX files. Starting in version 1.0.12 and prior to version 1.1.12, when calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. Version 1.1.12 fixes the issue. As a workaround, don't use direct publication via toHTMLEx.
CVSS 6.8
CVE-2024-56364 WRITEUP MEDIUM
SimpleXLSX 1.0.12-1.1.13 - Cross-Site Scripting via toHTMLEx Method
SimpleXLSX is software for parsing and retrieving data from Excel XLSX files. Starting in version 1.0.12 and ending in version 1.1.13, when calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. This vulnerability is fixed in version 1.1.13.
CVSS 5.4