16 matches found
EUVD-2018-0433
Malware in sbrugna...
MAL-2025-6361 Malicious code in exceljs-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 542e79c60c18aa779332620c884952b318f885c798a0ac8c2d3bf87bfad26950 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview exceljs-ui is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious code in exceljs-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 542e79c60c18aa779332620c884952b318f885c798a0ac8c2d3bf87bfad26950 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Cross-Site Scripting
Overview Versions of exceljs before 1.6.0 are vulnerable to cross-site scripting. This vulnerability is due to exceljs does not validate data from parsed XLSX file and allows to embed HTML tags, like , directly in the sheet cells. Because of this it's possible to inject malicious JavaScript code...
88slot-ap (=1.0.0), @bipsync/apiclient (>=0.0.23 <=0.2.5) +163 more potentially affected by CVE-2018-16459 via exceljs (>=0.2.11 <=1.5.1)
exceljs NPM version =0.2.11, =0.0.23, =1.0.12, =2.0.2, =2.0.0, =1.1.0, =1.0.0, =1.0.3, =0.2.0, =1.0.0, =1.0.3, =1.0.0, =1.0.0, =1.2.0 and more Source cves: CVE-2018-16459 Source advisory: OSV:GHSA-2J2J-8RRV-264G...
GHSA-2J2J-8RRV-264G Cross-Site Scripting in exceljs
Versions of exceljs before 1.6.0 are vulnerable to cross-site scripting. This vulnerability is due to exceljs not validating data from parsed XLSX file and embedding HTML tags, like directly into the sheet cells. Because of this it's possible to inject malicious JavaScript code and execute it whe...
Cross-Site Scripting in exceljs
Versions of exceljs before 1.6.0 are vulnerable to cross-site scripting. This vulnerability is due to exceljs not validating data from parsed XLSX file and embedding HTML tags, like directly into the sheet cells. Because of this it's possible to inject malicious JavaScript code and execute it whe...
exceljs cross-site scripting vulnerability
exceljs is a software package for reading, manipulating and writing spreadsheet data and styles. A cross-site scripting vulnerability exists in versions of exceljs prior to 1.6. A remote attacker can exploit this vulnerability to execute JavaScript code embedded in an XLS worksheet with the help ...
CVE-2018-16459
An unescaped payload in exceljs v1.6 allows a possible XSS via cell value when worksheet is displayed in browser...
Design/Logic Flaw
An unescaped payload in exceljs v1.6 allows a possible XSS via cell value when worksheet is displayed in browser...
CVE-2018-16459
An unescaped payload in exceljs v1.6 allows a possible XSS via cell value when worksheet is displayed in browser...
CVE-2018-16459
An unescaped payload in exceljs v1.6 allows a possible XSS via cell value when worksheet is displayed in browser...
CVE-2018-16459
Summary: CVE-2018-16459 relates to the exceljs library. Affected software: exceljs prior to 1.6.0. Vulnerability: unescaped payload in cell values leads to cross-site scripting (XSS) when a worksheet is rendered in a browser, because parsed XLSX data is not validated and HTML tags (e.g., [removed...
Cross-site Scripting (XSS)
exceljs is vulnerable to cross-site scripting XSS attacks. The library does not properly sanitize the cells in the table, allowing a malicious user to inject and execute arbitrary Javascript...
Node.js third-party modules: [exceljs] Possible XSS via cell value when worksheet is displayed in browser
Hi Team, I would like to report Stored XSS vulnerability in exceljs module. It allows to execute JavaScript code embeded in the XLS sheet when data from the sheet are displayed in the browser. Module module name: exceljs version: 1.4.6 npm page: https://www.npmjs.com/package/exceljs Module...