There are two Stored XSS in EPESI when adding a preset.
Steps to reproduce are quite simple:
2) Go to Home
3) Click on "Perspective: My records"
4) Click on "Manage Presets"
5) Click on "Add Preset"
6) Set the name equal to: <img src=x onerror=alert(0)>
7) XSS will be executed when: logging in and many many more occasions which is what makes this XSS dangerous, it will be executed repeatedly without the victim having to do anything except logging in.
1) Do the steps above from 1-6
2) Set the description equal to: <img src=x onerror=alert(0)>
3) This XSS will only be executed when viewing the presets, which is still quite dangerous.