1- As a Lowest Privilege user go to the edit account page of the LMS (e.g
2- Put Your XSS payload in State parameter and save your edits, such as "><script>alert(/XSS/)</script>
3- The XSS will be stored and triggered in the about section of the profile: (e.g[user_name]/)

(Note: WPScanTeam): The XSS will also be triggered in the admin dashboard when viewing the user details, for example