An Self XSS bug is present for "Product Backlog Item" for adding a Product Backlog details of the issue has been emailed to security team.
Steps to Reproduce:
1. Login into Scrum Management Portal as productowner and click on your desired product in default instance it's "Demo Product 1 [DEMO-PRODUCT-1]"
2. The above url in my case is https://localhost:8443/scrum/control/AddProductBacklog?productId=DEMO-PRODUCT-1
3. Now double click on any of the "PRODUCT BACKLOG ITEM" and change the value to <script>alert(1)</script> and click on OK
4. One can see that the XSS payload executed confirming the Self XSS
Note: Same has been confirmed by Security Team so publishing publicly through Ofbiz Jira platform.