x-data-spreadsheet

vulnerability xxs
severity 7.5
language javascript
registry npm
repo myliang/x-spreadsheet
fork 418sec/x-spreadsheet

Description

myliang/x-spreadsheet A web-based JavaScript spreadsheet. this package is vulnerable to Stored Cross-Site Scripting (XSS).

https://github.com/myliang/x-spreadsheet https://www.npmjs.com/package/x-data-spreadsheet

Steps To Reproduce

  1. install thru https://github.com/myliang/x-spreadsheet or use demo https://myliang.github.io/x-spreadsheet/
  2. while creating any spredsheet add js code in column

POC

gdrive

Impact

run any javascript payloads