In the admin account, there is a feature to add a user. In this feature, a vulnerability was found in the “Your Name” form.
1. Go to https://roy.demo.phpmyfaq.de/admin/?action=user
2. Add a user with realname <script>alert('123')</script>
3. Go to https://roy.demo.phpmyfaq.de/admin/?action=category
4. Click the "add new top-level category" button
POC
https://drive.google.com/file/d/1X4LdpwFcrbR7pA1C1-0wIU46S8tIWt0v/view?usp=share_link
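
In the steps above, the name is stored on one admin page and its markup runs when a different admin page renders it. As an added example (not phpMyFAQ's own code), the PHP below shows an unescaped renderer beside one that HTML-encodes stored values at output time. The function names, the sample data and the assumption that the category form lists users inside a select element are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed sample data: the second name is the value entered in step 2.
$users = [
    ['id' => 1, 'realname' => 'Alice Admin'],
    ['id' => 2, 'realname' => "<script>alert('123')</script>"],
];

// Hypothetical vulnerable renderer: the stored name is concatenated into HTML as-is,
// so any markup saved in the "Your Name" field becomes part of the page.
function renderUserOptionsUnsafe(array $users): string
{
    $html = '';
    foreach ($users as $user) {
        $html .= '<option value="' . $user['id'] . '">' . $user['realname'] . "</option>\n";
    }
    return $html;
}

// Output encoder: converts <, >, &, " and ' to entities; invalid UTF-8 is substituted.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened renderer: every stored value is encoded where it is written into HTML.
function renderUserOptionsSafe(array $users): string
{
    $html = '';
    foreach ($users as $user) {
        $html .= '<option value="' . (int) $user['id'] . '">'
               . e((string) $user['realname']) . "</option>\n";
    }
    return $html;
}

echo "Unsafe:\n", renderUserOptionsUnsafe($users);
echo "Safe:\n", renderUserOptionsSafe($users);

// Regression check: the encoded output must contain no literal <script tag.
if (stripos(renderUserOptionsSafe($users), '<script') !== false) {
    throw new RuntimeException('stored name was rendered without encoding');
}
```

Encoding at output covers names that were stored before any input validation was added, which is why the check is placed in the renderer and not only in the add-user form.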