GHSA-79xx-vf93-p7cx

### Summary
The researcher discovered zero-day vulnerability Cross-Site Scripting (XSS) vulnerability in the code which translates the XLSX file into a HTML representation and displays it in the response.

### Details
When generating the HTML from an xlsx file containing multiple sheets, a navigation menu is created. This menu includes the sheet names, which are not sanitized. As a result, an attacker can exploit this vulnerability to execute JavaScript code.

```php
// Construct HTML
$html = '';

// Only if there are more than 1 sheets
if (count($sheets) > 1) {
// Loop all sheets
$sheetId = 0;

$html .= '<ul class="navigation">' . PHP_EOL;

foreach ($sheets as $sheet) {
$html .= ' <li class="sheet' . $sheetId . '"><a href="#sheet' . $sheetId . '">' . $sheet->getTitle() . '</a></li>' . PHP_EOL;
++$sheetId;
}

$html .= '</ul>' . PHP_EOL;
}
```

### PoC
1. Create an XLSX file with multiple sheets :

2. Generate the HTML content
```php
<?php
require __DIR__ . '/vendor/autoload.php';

$inputFileName = 'payload.xlsx';
$spreadsheet = \PhpOffice\PhpSpreadsheet\IOFactory::load($inputFileName);
$writer = new \PhpOffice\PhpSpreadsheet\Writer\Html($spreadsheet);
$writer->writeAllSheets();
echo $writer->generateHTMLAll();
?>
```
3. Enjoy

### Impact

XSS can cause a variety of problems for the end user that range in severity from an annoyance to complete account compromise.
Example of impacts :

- Disclosure of the user’s session cookie, allowing an attacker to hijack the user’s session and take over the account (Only if HttpOnly cookie's flag is set to false).
- Redirecting the user to some other page or site (like phishing websites)
- Modifying the content of the current page (add a fake login page that sends credentials to the attacker).
- Automatically download malicious files.
- Requests access to the victim geolocation / camera.
- ...