OroCommerce vulnerable to XSS when adding class name to Selector Manager on pages that use GrapeJS editor