login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field.
CVSS Metrics
