I don't necessarily disagree with the rating of 10 here (I know anything about the actual impact of this vulnerability), but please note that CVSS really isn't a perfect system, and it is quite easy to reach ridiculously high CVSS scores with even minor vulnerabilities, if you are 'maybe a bit too literal' in its interpretation.
The official CVSS3.1 example score for a stored XSS is 9.0.
The official CVSS3.1 example score for a stored XSS is 9.0.