I've just uploaded Form Wizard Pro 18.104.22.168 which has a fix to prevent this XSS security bug in the submission viewer and adding support for regex validation of paragraph questions. Note that support for regex validation is a separate issue, no script should be executed in the submission viewer regardless of any regex validation, and regex validation is not really a great solution for preventing script in submissions. So while I did add support for regex validation to the paragragh question type, the fix for preventing XSS was to wrap the submission inside NeatHtml untrusted content control which prevents any script in the content from being executed. Since this was a security bug I felt it was important to get a fix out for this right away. Existing customers can download the latest version from their Order History by signing into this site as the user that made the purchase and clicking the "My Account" link.
Thanks for the bug report.