First request to add a questionnaire and enter the xss payload in the title of the questionnaire.

The DWSurvey system does not filter user input when processing requests.

xss payload is inserted into the database.

The payload is not triggered at the title, but the surveyName is directly set to innerHtml in the popover.