oro/platform is vulnerable to cross-site scripting. The library does not properly validate the email template preview content, allowing an authorized attacker to add malicious XSS payload to the email template content and execute when the attacked user preview the template.