Biography component in user profile exists stored XSS vulnerability.
1.Encode XSS payload by Unicode
For example:
<script>alert(1)</script>2.Enter the encoded payload into the Biography component and save it.
3.Reload the user profile and the script is executed.