There is a presence of stored xss in username, which directly gets rendered whenever the page is opened.
1: use the below command to clone the repo in your machine
git clone https://github.com/answerdev/answer.git
2: Navigate inside the repo
cd answer
3: Use docker-compose to spin it up locally
sudo docker-compose up
4: The installation will now be available in http://localhost:9080/install -> open the same in browser
5: While setting up the installation, choose SQLite
6: In the next page it will ask for the sitename. Use <script>alert(1)</script> as the sitename and fill up the rest of the details of the page as it is.
Once the page is opened, it will pop up the stored xss payload directly.