The plugin does not sanitise invalid IPs given in its Toolbox page before displaying them in an error message.
Submit a payload such as <img src onerror=alert(/XSS/)> in the Admin IPs section of the Toolbox (/wp-admin/admin.php?page=litespeed-toolbox)