- Create a new Download, add the following payload in the "Version" and "Link Label" fields from the 'Package Settings" section:"><img/src/onerror=alert(/XSS/)>. The XSS will be triggered when viewing/previewing the post with the download.

- Create a new Download, in the "Attach File" section, upload a file named a simple XSS payload or put the following payload into the "insert URL" field: "><img/src/onerror=alert('filename')>.txt then click on the '+' button next to the field and save the download. The XSS will be triggered when editing the download.