Cross-site Scripting
An unescaped payload in exceljs allows a possible XSS via cell value when worksheet is displayed in browser.
Advisories for Npm/Exceljs package
2018
An unescaped payload in exceljs allows a possible XSS via cell value when worksheet is displayed in browser.