[MEDIUM] PhpSpreadsheet allows bypassing of XSS sanitizer using the javascript protocol and special characters

PKSA-2vt6-y6jz-crs9 CVE-2025-23210 GHSA-r57h-547h-w24f

Affected package: phpoffice/phpexcel

Affected version: <=1.8.2

Reported by:
GitHub