Impact
When calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code.
Patches
The supplied patch resolves this vulnerability for SimpleXLSX. Use 1.1.13
Workarounds
Don't use data publication via toHTMLEx
This vulnerability was discovered by Aleksey Solovev (Positive Technologies)
Impact
When calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code.
Patches
The supplied patch resolves this vulnerability for SimpleXLSX. Use 1.1.13
Workarounds
Don't use data publication via toHTMLEx
This vulnerability was discovered by Aleksey Solovev (Positive Technologies)