Authorize on the demo website for tests: https://carspot.scriptsbundle.com/, login is email@example.com and passowrd is asdasd. If this account will be deleted, simply create a new one, it's easy. On the profile page there is one vulnerable input field w/o filering: «Phone Number». Fill in your payload, f.e. <script>alert('QUIXSS')</script> and save this changes. After that, on each page where data from your profile is loading you'll see saved payload in action.