Paste the XSS payload into the configuration fields. And I think there are many fields to configure that can be vulnerable to Stored XSS vulnerabilities, such as configuration fields in Options, MFA, API, Emails,… hope you check it too.
https://drive.google.com/file/d/1RDoq3qFFiWsIPltiAFlum5V0wYfZ41FN/view
Tran Van Nhan from bl4ckh0l3 of GalaxyOne