Unknown · Html-To-Csv · CVE-2021-23654
**Name of the Vulnerable Software and Affected Versions**
html-to-csv, all versions
**Description**
The issue arises when a formula embedded in an HTML page is accepted without validation and written into the CSV file during conversion. A malicious actor can use this to embed or generate malicious links, or to execute commands, via the resulting CSV files.
**Recommendations**
For all versions, consider disabling the conversion of HTML pages with embedded formulas to CSV files until a proper validation mechanism is implemented to prevent malicious links or command execution. Restrict access to the CSV file generation feature to minimize the risk of exploitation. Avoid using the html-to-csv package for converting HTML pages with embedded formulas until the issue is resolved.
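One possible form of the validation step the recommendations call for, as an added example (not code from html-to-csv or from this advisory): it extracts table cells with the Python standard library and prefixes formula-like values with a single quote before writing the CSV. The names `neutralize`, `TableCells` and `html_to_safe_csv`, the choice of trigger characters and the sample table are assumptions made for this illustration.

```python
import csv
import io
import re
from html.parser import HTMLParser

NUMERIC = re.compile(r"[+-]?\d+(\.\d+)?")  # plain numbers are left alone

def neutralize(cell):
    """Prefix formula-like cells with ' so spreadsheets load them as text."""
    if NUMERIC.fullmatch(cell):
        return cell
    if cell[:1] in ("\t", "\r") or cell.lstrip()[:1] in ("=", "+", "-", "@"):
        return "'" + cell
    return cell

class TableCells(HTMLParser):
    """Collect <td>/<th> text row by row; entities are decoded first."""
    def __init__(self):
        super().__init__()
        self.rows, self._cell = [], None

    def handle_starttag(self, tag, attrs):
        if tag == "tr":
            self.rows.append([])
        elif tag in ("td", "th") and self.rows:
            self._cell = []

    def handle_data(self, data):
        if self._cell is not None:
            self._cell.append(data)

    def handle_endtag(self, tag):
        if tag in ("td", "th") and self._cell is not None:
            self.rows[-1].append("".join(self._cell).strip())
            self._cell = None

def html_to_safe_csv(html):
    parser = TableCells()
    parser.feed(html)
    out = io.StringIO()
    # Quote every field so embedded commas or newlines cannot shift columns.
    writer = csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in parser.rows:
        writer.writerow([neutralize(c) for c in row])
    return out.getvalue()

# Constructed sample input (not from the advisory).
SAMPLE_HTML = ("<table><tr><th>name</th><th>balance</th><th>note</th></tr>"
               "<tr><td>alice</td><td>-12.50</td><td>=SUM(A1:A2)</td></tr>"
               "<tr><td>bob</td><td>+7</td><td>&#61;1+1</td></tr></table>")
```

Because the parser decodes character references before the check runs, a cell written as `&#61;1+1` is neutralized the same way as a literal `=1+1`, while signed numbers such as `-12.50` pass through unchanged.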