first create two user accounts and grant them permission to access a same folder. In one of the accounts, generate a new item within the folder. Paste the payload XSS into this field, then save the item. Once saved, click on the item to activate an XSS alert.
This is the bypass of CVE-2023-2516
https://drive.google.com/file/d/1tdnqjROAZOxCayaUCAjfLLwkvuQehGy1/view?usp=sharing