3 matches found
88slot-ap (=1.0.0), @bipsync/apiclient (>=0.0.23 <=0.2.5) +163 more potentially affected by CVE-2018-16459 via exceljs (>=0.2.11 <=1.5.1)
exceljs NPM version =0.2.11, =0.0.23, =1.0.12, =2.0.2, =2.0.0, =1.1.0, =1.0.0, =1.0.3, =0.2.0, =1.0.0, =1.0.3, =1.0.0, =1.0.0, =1.2.0 and more Source cves: CVE-2018-16459 Source advisory: OSV:GHSA-2J2J-8RRV-264G...
CVE-2018-16459
An unescaped payload in exceljs v1.6 allows a possible XSS via cell value when worksheet is displayed in browser...
CVE-2018-16459
Summary: CVE-2018-16459 relates to the exceljs library. Affected software: exceljs prior to 1.6.0. Vulnerability: unescaped payload in cell values leads to cross-site scripting (XSS) when a worksheet is rendered in a browser, because parsed XLSX data is not validated and HTML tags (e.g., [removed...