To exploit this systemic stored XSS vulnerability, identify the areas of the web application that use a WYSIWYG editor, for example the create/edit course description section.
Enter random text in the description section and create the course while intercepting the request with Burp Suite or another proxy of your choice.
In the *description* parameter, or whichever parameter carries the user input from the WYSIWYG editor, insert the following payload and then send the request:
<details/open/ontoggle=prompt(origin)>
Rocket LMS 1.9 Persistent Cross-Site Scripting (XSS)