The search documents function was infected with xss because the title payload was not filtered resulting in xss when searching to /de.
1.Go to edit page title /de
2.Enter this xss code
<img src>
3.Go to “Search Documents” and type in “7*7” search box to find /de
–> xss will be executed and an alert will appear
https://drive.google.com/file/d/1qTiev3mUJy1V288CL5JR9RtHIpdYXQTy/view?usp=sharing