froxlor/froxlor is vulnerable to Cross-Site Scripting. The vulnerability is due to inadequate sanitization of user input in the loginname
parameter during failed login attempts, which allows attackers to inject and store malicious scripts that are executed when an administrator views the System Logs.