Because you allow tags in your page it is treated as vulnerability.
Instead of writing
<span class="sup">®</span>
you could write
<script>alert("Alert");</script>
which would be a persistent XSS.
Try to refactor your code to not include any tags inside your value from the database. Else be sure that the value from the database is sanitized.