[x-data-spreadsheet] x-data-spreadsheet through 1.1.9 vulnerable to Cross-site Scripting

All versions of package x-data-spreadsheet are vulnerable to Cross-site Scripting (XSS) due to missing sanitization of values inserted into the cells.

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-25646
• https://github.com/myliang/x-spreadsheet/issues/580
• https://security.snyk.io/vuln/SNYK-JS-XDATASPREADSHEET-2430381
• https://youtu.be/Ij-8VVKNh7U
• https://github.com/advisories/GHSA-x5cw-843f-r366