xss2

url:http://localhost/dm/reporting/domains/cost-by-owner.php
Step1:in parameter or Expiring Between -> inject code "/><script>alert(1)</script>
Step2:enter generater report to trigger script