Description
I noticed, your website is very secure.
But you overlooked a flaw XSS .
Proof of Concept
Detail:
1 .Login vs admin demo account and access admin page.
2 .Go to Configuration ==> Mail setup.
3 .Insert payload into Password:
test"><script>alert(document.domain)</script>
4 .Click save configuration ==> detect XSS
Video Poc
https://drive.google.com/file/d/1B9xJPGnRSL6HvZOri7kp9TD3LZnUvaHA/view?usp=drive_link