Stored Cross-Site Scripting (XSS) vulnerability due to the lack of content validation and output encoding. This vulnerability can be exploited by uploading a crafted payload inside a document. Then, the vulnerability can be triggered when the user previews the documentΒ΄s content.
https://drive.google.com/file/d/1xJh3wjyBUB5JF0rsbPblrUUREvtHA-EG/view?usp=sharing