Minical 1.0.0 is vulnerable to Stored Cross-Site Scripting (XSS)

Vendor: https://github.com/minical/minical
Demo Application: https://demo.minical.io/

Step 1: Log in to the Minical Application and Navigate to Room->Room Status.

Step 2: Click on the Edit Room Note option and enter the payload.
Payload= <svg onload=alert(document.location)<!--

Step 3: Click on Save Changes and observe the payload getting triggered.