Cross-site scripting (XSS) is a common attack vector that injects malicious code into a vulnerable web application. Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application.
Here name parameter is vulnerable to xss. So after replacing the name with the XSS payload in the facturascripts.ini file. XSS payload will be executed after uploading the modified zip file.
https://drive.google.com/file/d/18NGs-gTbwJVDB9P_1NCfQGUbjT1Jv9MC/view?usp=sharing