Cross-Site Scripting (XSS) vulnerability #25
Description
If a CSV file contains HTML and/or JavaScript, the QuickLook-CSV plugin will render it instead of displaying it as simple text. This makes it vulnerable to an XSS which would allow remote attackers to execute arbitrary JavaScript code on the victim's laptop.
Since this is a security issue, feel free to reach out to me on Twitter @JR0ch17 if you have any questions or want more details.