openITCOCKPIT prior to 3.7.3 has unnecessary files (such as Lodash files) under the web root, which leads to XSS.
it-novum openitcockpit