Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint