There is a Reflected cross site scripting issue chained using these endpoints:
[1] /admin/content/0/edit
[2] /apiqq</script><script>alert(1)</script>fca4/page
The xss payload will be executed in the browser.
Cross site scripting attacks can lead to cookies stealing (can be chained to account takeover), redirecting users to attackers controlled malicious websites etc