diff --git a/common/src/main/java/com/jeesite/common/utils/excel/ExcelImport.java b/common/src/main/java/com/jeesite/common/utils/excel/ExcelImport.java
index 6da81d0b..69dc42e1 100644
--- a/common/src/main/java/com/jeesite/common/utils/excel/ExcelImport.java
+++ b/common/src/main/java/com/jeesite/common/utils/excel/ExcelImport.java
@@ -37,6 +37,7 @@ import org.slf4j.LoggerFactory;
 import org.springframework.web.multipart.MultipartFile;
 import com.jeesite.common.callback.MethodCallback;
+import com.jeesite.common.codec.EncodeUtils;
 import com.jeesite.common.collect.ListUtils;
 import com.jeesite.common.collect.MapUtils;
 import com.jeesite.common.lang.DateUtils;
@@ -478,6 +479,10 @@ public class ExcelImport implements Closeable {
 // 参数:Exception ex, int rowNum, int columnNum
 exceptionCallback.execute(ex, i, column);
 }
+ // 导入的数据进行 xss 过滤
+ if (val != null && val instanceof String) {
+ val = EncodeUtils.xssFilter(val.toString());
+ }
 // set entity value
 if (StringUtils.isNotBlank(ef.attrName())){
 ReflectUtils.invokeSetter(e, ef.attrName(), val);
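Review bot: The filter added in the second hunk rewrites every imported String cell unconditionally, so fields that must round-trip exactly (identifiers, codes, free text containing `<` or `&`) may be silently altered before `ReflectUtils.invokeSetter`, with no per-field opt-out and no log of what was changed. `EncodeUtils.xssFilter` is not visible here, so whether it is an allow-list sanitiser or a pattern blacklist cannot be judged; either way it is best treated as defence in depth, with context-aware output encoding at render time remaining the primary control. The `val != null` test is redundant because `instanceof` is already false for null, so `if (val instanceof String) { val = EncodeUtils.xssFilter((String) val); }` is enough. The comment would help more if it stated the intent and its limit, e.g. `// Sanitise imported text before it reaches the entity; views must still encode on output`. The enclosing method starts and ends outside the hunk.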