Blind stored XSS via any unauthorized or anonymous (visitor) user without any privileges can inject XSS payload in “Add question” page in “Your Name” input field then it will be executed in admin panel in Open Question page
https://drive.google.com/file/d/1RusFJNXtxx-bzELJZLk-ZZZH0lX6ydWp/view?usp=sharing