There is another Stored XSS in EPESI when creating meetings, I will create them in calendar for PoC.
Steps to reproduce:
1) Go to calendar
2) Double click on a free time slot
3) Click on "meeting"
4) In the description put <img src=x onerror=alert(21)>
(make sure to assign to all users)
5) Click on create
When a victim hovers over the i of the meeting the XSS will be executed.
Thank you!