Moderate severityNVD Advisory· Published Aug 30, 2022· Updated Sep 16, 2024
Cross-site Scripting (XSS)
CVE-2022-25646
Description
All versions of package x-data-spreadsheet are vulnerable to Cross-site Scripting (XSS) due to missing sanitization of values inserted into the cells.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
x-data-spreadsheetnpm | <= 1.1.9 | — |
Affected products
1- Range: 0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/advisories/GHSA-x5cw-843f-r366ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-25646ghsaADVISORY
- github.com/myliang/x-spreadsheet/issues/580ghsax_refsource_MISCWEB
- security.snyk.io/vuln/SNYK-JS-XDATASPREADSHEET-2430381ghsax_refsource_MISCWEB
- youtu.be/Ij-8VVKNh7Ughsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.