CheckSec Canopy 3.x before 3.0.7 has stored XSS via the Login Page Disclaimer, allowing attacks by low-privileged users against higher-privileged users.Referenceshttp://seclists.org/fulldisclosure/2018/Jun/45
