Validate Gigya username is vulnerable to XSS attack

This app was designed to verify if username is susceptible to XSS attack.
Screen-Set ID: Default-RegistrationLogin-Copy
In Username try < img src=XYZ onerror=alert(document.domain) >
After registration check loginIds of the created user via Postman
This site is not indexed
A clone of Default RegistrationLogin Screenset is used with the following changes to gigya-register-screen to make it work in dev.nemo.cambridge.org site:
  1. Add metadata for profile.country
  2. Add metadata for data.nemo.role
  3. Add Login ID widget of type Username
  4. Remove subscription checkbox
  5. Map Terms of User checkbox to preferences.terms.nemo