ONLYOFFICE Docs before 9.2.1 allows XSS in the textarea of the comment editing form. This is related to DocumentServer.Referenceshttps://github.com/ONLYOFFICE/DocumentServer/blob/master/CHANGELOG.md#921
