soabase/exhibitor

Stored cross-site-scripting on explorer add node

I found that the following string can be added to the node explorer, allowing an attacker to create a stored cross-site scripting (XSS) that can be seen under the logs tab.
The string to PUT in explorer is `/<img src="yourURLto_the_image" onload="alert('XSS');>`.
Attached some screenshots.
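
An added example, not part of the original report and not Exhibitor's own code: one way to keep a stored node path from being interpreted as markup is to HTML-encode it at the point where the log view is built. The function names, the log entry shape and the sample log lines are assumptions constructed for illustration.

```javascript
// Added example: output-encode stored values before they reach an HTML sink.
// Function names and the log entry shape are hypothetical, not Exhibitor's.

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
  "`": "&#96;",
};

// Encode every character that can open a tag, close an attribute value,
// or start an entity when the string is placed in HTML.
function escapeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Build the markup for one log row. Both fields are treated as untrusted,
// because the message embeds a node path chosen by whoever created the node.
function renderLogRow(entry) {
  return (
    '<tr><td class="log-time">' + escapeHtml(entry.time) +
    '</td><td class="log-msg">' + escapeHtml(entry.message) + "</td></tr>"
  );
}

// Render the whole log view from a list of entries.
function renderLogTable(entries) {
  return "<table>" + entries.map(renderLogRow).join("") + "</table>";
}

// Constructed sample log entries; the second one carries the string from the report.
const sampleEntries = [
  { time: "2020-01-01 00:00:00", message: "Created node: /app/config" },
  {
    time: "2020-01-01 00:00:05",
    message: "Created node: /<img src=\"yourURLto_the_image\" onload=\"alert('XSS');>",
  },
];

console.log(renderLogTable(sampleEntries));
```

When the view is built with DOM APIs instead of string concatenation, assigning the value through `textContent` gives the same result without a hand-written encoder.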