Description
I noticed that you filtered the comment very carefully.
But there are still some parts you missed.
Proof of Concept
1. Log in as admin
2. Go to “https://demo.instantcms.io/admin/widgets”
3. Insert the payload in Position name and Title
test" onmouseover = "alert(document.cookie)
4. Click Save, and detect the stored XSS
Video PoC
https://drive.google.com/file/d/14rOcvhHlY7vmcCkks1fbl4KMt3XLd4lp/view?usp=sharing
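Added example (not part of the original report and not InstantCMS code): the double quote in the step 3 value closes a quoted HTML attribute, so output that is not encoded for the attribute context gains an extra event-handler attribute. The render_unsafe, render_safe, input_attributes and has_event_handler helpers and the input markup are hypothetical, written only to show the unencoded pattern beside the encoded one and a check that tells them apart.

```php
<?php
// Added example: hypothetical helpers, not InstantCMS code.

// Constructed sample: the Title value from step 3 as read back from storage.
$stored_title = 'test" onmouseover = "alert(document.cookie)';

// Unencoded pattern: the stored value is placed inside a quoted attribute as-is.
function render_unsafe(string $title): string {
    return '<input type="text" name="title" value="' . $title . '">';
}

// Encoded pattern: escape for the HTML attribute context at output time.
function render_safe(string $title): string {
    $encoded = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="title" value="' . $encoded . '">';
}

// Parse the markup and return the attributes that end up on the <input>.
function input_attributes(string $html): array {
    libxml_use_internal_errors(true);   // keep parser warnings off the output
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $input = $doc->getElementsByTagName('input')->item(0);
    $attrs = [];
    foreach ($input->attributes as $attr) {
        $attrs[$attr->name] = $attr->value;
    }
    return $attrs;
}

// Regression check: an on* attribute means the value left its attribute.
function has_event_handler(array $attrs): bool {
    foreach (array_keys($attrs) as $name) {
        if (stripos($name, 'on') === 0) {
            return true;
        }
    }
    return false;
}

$cases = ['unsafe' => render_unsafe($stored_title),
          'safe'   => render_safe($stored_title)];
foreach ($cases as $label => $html) {
    $attrs = input_attributes($html);
    printf("%-6s attrs=%s handler=%s\n", $label,
        implode(',', array_keys($attrs)),
        has_event_handler($attrs) ? 'yes' : 'no');
}
```

The same check can be run against the rendered Position name and Title fields after a fix, to confirm that the stored value stays inside a single value attribute.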