An authenticated attacker can achieve stored XSS by exploiting improper sanitization of the plant name value while adding or editing a plant.