DISCLAMER: I wasn't able to get the flag due to time shortage, but all the main ideas of the challange are here. This are basically the notes i take over the challange in order to figure out the solution of the puzzle. The approach i use in order to define a path toward the solution using the hints in the code that guides me in a specific direction.
The challange as far as i can tell consist in finding a Stored XSS and fish the admin to review the room to steel his cookies.
There are various hints that makes me think so:
headers: {