Reported a stored cross site scripting by uploading XML file in October CMS.

Reference:

• https://huntr.dev/bounties/1-packagist-october/rain/