Summary: An unescaped payload in exceljs <v1.6 allows a possible XSS via cell value when worksheet is displayed in browser.Published: Thursday, September 6, 2018 - 09:29cvss: