Unescaped Payload in exceljs <v1.6: Possible XSS via Cell Value in Browser Display

Unescaped Payload in exceljs <v1.6: Possible XSS via Cell Value in Browser Display

CVE-2018-16459 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

An unescaped payload in exceljs <v1.6 allows a possible XSS via cell value when worksheet is displayed in browser.

Learn more about our Web Application Penetration Testing UK.