Stored XSS through "Policy Imports --> Imported Policy ID"

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). On the url: http://localhost:8080/ui/?primaryEnvironmentName=ditto_sandbox javascript code can be executed.

Steps to reproduce:

Visit the following URL: http://localhost:8080/ui/?primaryEnvironmentName=ditto_sandbox
Select Policies Imports with the following payload: <img src=x onerror=prompt(876)></img> (See screenshot)
Press "Create", then it triggers the execution of Javascript

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information