[MEDIUM] PhpSpreadsheet allows bypassing of XSS sanitizer using the javascript protocol and special characters

PKSA-8b16-mcgz-h4cz CVE-2025-23210 GHSA-r57h-547h-w24f

Affected version: >=2.0.0,<2.1.8|>=2.2.0,<2.3.7|<1.29.9|>=3.0.0,<3.9.0

Reported by:
GitHub