The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Add Item, with the payload as the name (<script>alert(location)</script>).
https://drive.google.com/file/d/148ERlRpfmNDpNXY4X3sW8SqP_UOmute8/view?usp=sharing
Click Item list, and the XSS is executed.
https://drive.google.com/file/d/1ITonDK4LRg4fEsL8FY7-1G7dTwIhqlJo/view?usp=sharing
https://drive.google.com/file/d/1eMU6WD6ZZiqCKE9f08iUKFjJo2fRJyeg/view?usp=sharing
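
The fix for the steps above is to encode the stored item name when the item list is rendered. The following is an added example, not the application's own code: the function names, the item shape and the list markup are assumptions, and it shows the unencoded rendering beside an encoded one plus a regression check for the list output.

```javascript
// Added example (hypothetical names): how an item list row becomes injectable,
// and the output-encoding fix. Sample items are constructed for illustration.

// Encode the five characters that are significant in HTML text and quoted attributes.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored name is concatenated into the markup as-is,
// so every user who opens the list receives whatever markup the name contains.
function renderItemListUnsafe(items) {
  return '<ul>' + items.map((i) => `<li title="${i.name}">${i.name}</li>`).join('') + '</ul>';
}

// Hardened pattern: every stored value is encoded at output time,
// in both the attribute and the text position.
function renderItemListSafe(items) {
  const rows = items.map((i) => {
    const name = escapeHtml(i.name);
    return `<li title="${name}">${name}</li>`;
  });
  return '<ul>' + rows.join('') + '</ul>';
}

// Regression check: remove the only tags the template itself emits, then
// require that no angle bracket is left. Anything left came from item data.
function hasOnlyExpectedMarkup(html) {
  const stripped = html.replace(/<\/?ul>|<li title="[^"<>]*">|<\/li>/g, '');
  return !/[<>]/.test(stripped);
}

// Constructed sample data: the name from the report, an attribute-breaking
// name, and an ordinary name that must still display correctly.
const sampleItems = [
  { name: '<script>alert(location)</script>' },
  { name: 'x" onmouseover="1' },
  { name: 'Tom & Jerry' },
];

console.log('unsafe render passes check:', hasOnlyExpectedMarkup(renderItemListUnsafe(sampleItems)));
console.log('safe render passes check:  ', hasOnlyExpectedMarkup(renderItemListSafe(sampleItems)));
```

Encoding at output time covers names that were already stored before the fix, which validation at the Add Item step alone would not.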