The demo website is affected of stored XSS at multiple menus.
#1. Access to the demo website http://demos4.softaculous.com/
#2. Login with admin user they provide, press on menu Uploader, in Uploader tab, try to upload whichever file then choose Media manager tab.
#3. We can see that the file is uploaded there and the web app allows us to add new gallery. Write a payload xss there and press Add button (In this scenario, I used payload "><img src>
#4. The payload will be triggered immediately.
#1. Access to the demo website and press on Entries menu.
#2. Choose the tab “Write Entry”, in Textarea, write xss payload "><img src>
#3. Press “Save & Continue” and the payload xss will be trigged in some places. (Watch PoC video for detail)
Note: This happen the same with menu Statics.