[MEDIUM] PhpSpreadsheet allows bypass XSS sanitizer using the javascript protocol and special characters

PKSA-7jd6-nb49-bz4v CVE-2024-56412 GHSA-q9jv-mm3r-j47r

Affected package: phpoffice/phpspreadsheet

Affected version: >=2.2.0,<=2.3.4|>=2.0.0,<=2.1.5|<=1.29.6|>=3.0.0,<3.7.0

Reported by:
GitHub