An issue was discovered in Sertek Xpare 3.67. The login form does not sanitize input data. Because of this, a malicious agent could exploit the vulnerable function in order to prepare an XSS payload to send to the product's clients.
https://cyberoo.com/2019/07/16/cyberoo-identifica-vulnerabilita-0day/