I found Stored XSS on https://demo.corebos.com/index.php?action=index&module=evvtgendoc after I was Add Folder
Step 1: Go to Documents function https://demo.corebos.com/index.php?action=index&module=Documents , click Add Folder.
Step 2: Intercept request by Burpsuite and then Insert xss payload.
Step 3: Go to https://demo.corebos.com/index.php?action=index&module=evvtgendoc, Choose Quick Create .
Step4: I was successful trigger XSS
Video POC here :https://drive.google.com/file/d/1tDPuPIUGYTldWxiexcHDaueetxz6TIuu/view?usp=sharing