Bookly < 20.3.1 - Staff Member Stored Cross-Site Scripting

As a Staff Member, put the following payload in your Full Name (Booklyn --> Profile --> Edit --> Full Name): <script>alert(/XSS/)</script>

The XSS will be triggered when an admin open the Staff members order page (Booklyn --> Staff Members --> Staff member order)