The template name is not properly sanitised when it is output back to the page, leading to a stored XSS issue.
PoC
Go to the templates tab, click on "add new", and select page or section. Then add an XSS payload such as "> in the "name your template" field and hit create template.
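The flaw described above, output of a stored name without encoding, shown next to the encoded form. This is an added example, not code from the affected product: the function names, the markup and the sample value are assumptions, and the sample is inert markup constructed to begin with the same "> breakout.

```javascript
// Added illustration: hypothetical rendering code, not the affected product's own.

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the stored name is concatenated into an attribute
// value and a text node exactly as it was saved.
function renderRowUnsafe(template) {
  return '<input type="text" value="' + template.name + '">' +
         '<span class="title">' + template.name + '</span>';
}

// Hardened pattern: encode at output time, everywhere the name is emitted.
function renderRowSafe(template) {
  const name = escapeHtml(template.name);
  return '<input type="text" value="' + name + '">' +
         '<span class="title">' + name + '</span>';
}

// Check: true if the markup contains any element other than the
// input and span that the row is supposed to consist of.
function hasInjectedMarkup(html) {
  const tags = html.match(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g) || [];
  return tags.some((t) => !['<input', '<span', '</span'].includes(t.toLowerCase()));
}

// Constructed sample value: closes the attribute and the tag, then adds
// a harmless <b> element so the breakout is visible.
const stored = { name: '"><b>injected</b>' };

console.log('unsafe:', renderRowUnsafe(stored), hasInjectedMarkup(renderRowUnsafe(stored)));
console.log('safe:  ', renderRowSafe(stored), hasInjectedMarkup(renderRowSafe(stored)));
```

Because the value is stored, the encoding has to be applied on every page that prints the name, not only on the form that saves it.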