1) Login into the application with the admin.
2) in the content tab > file manager > upload images .
3) create a new image (jpeg format) file and rename  the file with the following
payload <img src=x onerror=alert(document.cookie)>.jpeg
4) browse and upload the modified payload file to execute the stored XSS.
5) the XSS payload will get executed after file upload.