Stored cross site scripting vulnerability on Item name parameter in Assest module. Add payload in item name and whenever the user add the item in his requested assest . The alert will trigger.
Login to the demo account
Go to Asset functionality , add or edit an item name with following payload and save
payload = "><img src>
Go to requested assets , check the item name (payload ), that you added or edit an asset which are already in requested asset
If it is there, alert will be triggered