vulnerability xss
severity 7.3
language javascript
registry npm

:book: Description

Luckysheet is an online spreadsheet like Excel that is powerful, simple to configure, and completely open source. This package is vulnerable to cross-site scripting (XSS).

:recycle: Steps To Reproduce:

  1. Download and run the latest release from Or use demo
  2. Add JavaScript code to the spreadsheet. Payload used: "><img src=x onerror=alert(137)>
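
The payload begins with `">`, so it only has an effect where a cell value is concatenated into a quoted HTML attribute without encoding. The following is an added example, not Luckysheet's code and not part of the original report: `renderCellUnsafe`, `renderCellSafe`, `tagsOpened` and the `cell-editor` markup are hypothetical names that show the vulnerable pattern beside the encoded one.

```javascript
// Added example; hypothetical renderer, not taken from Luckysheet.
const PAYLOAD = '"><img src=x onerror=alert(137)>'; // payload quoted in the report

const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode the characters that can close an attribute value or open a tag.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the cell value is concatenated into a quoted attribute,
// so a leading "> ends the attribute and the tag, and the rest is parsed as markup.
function renderCellUnsafe(value) {
  return '<input class="cell-editor" value="' + value + '">';
}

// Hardened pattern: the value is encoded before it reaches the markup,
// so it stays inside the attribute as inert text.
function renderCellSafe(value) {
  return '<input class="cell-editor" value="' + escapeHtml(value) + '">';
}

// Crude check for this demo only (not an HTML parser): list the element
// names that follow a literal "<" in the generated markup.
function tagsOpened(html) {
  return Array.from(html.matchAll(/<([a-zA-Z][a-zA-Z0-9]*)/g), (m) => m[1].toLowerCase());
}

console.log(tagsOpened(renderCellUnsafe(PAYLOAD))); // the img element escapes the attribute
console.log(tagsOpened(renderCellSafe(PAYLOAD)));   // only the input element remains
```

In browser code, assigning the value through `element.value` or `textContent` instead of building an HTML string avoids the encoding step entirely.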

:telescope: POC

💥 Impact