Authenticated Reflected Cross Site Scripting Security Issue

There is an authenticated Reflected Cross-Site Scripting vulnerability since the web application does not properly escape the user's input passed via the server parameter in show_sys_state.php.

https://[IP]/monitor/show_sys_state.php?state=server&server=<script>alert()</script>

Credits: Marco Nappi