Proof of concept :
Step 1 : Login to the application
Step 2 : Come to the user list option
Step 3 : Click on add new user
Step 4 : Add xss payload in firstname field & save it
Step 5 : Now visit to user list we see that our payload executed successfully.