There is XSS at the place where the friend link is added in the background

[N-Next]

In the background, XSS is inserted in the place where the friend link management is added, at the site name and website description, resulting in an XSS popup window appearing at the friend link display place in the foreground <img src=x onerror=alert(1)>