The Stored XSS vulnerability occurs because the menu editing function can insert a JavaScript Scheme as the value of the menu’s HREF.
1. Go to Content -> Menu -> Edit
2. Enter javascript:alert(document.domain) as the URL value using the Add or Edit menu function.
3. After saving, use the Preview function to access and click the menu in the Bar.
Video : https://youtu.be/tAzuDCUhSZ4
Through this vulnerability, an attacker is capable to execute malicious scripts.