Rad User Manager XSS Vulnerabilities

View the txt advisory/exploit here.

>> #1 Vulnerability
Type = XSS
Almost every parameter accepting user input is vulnerable. Examples:

members/login.php?username=[XSS]
members/signup.php?username=[XSS]
admin/userdetails.php?userId=[XSS]

>> Additional Information
When being installed, the Rad User Manager creates two accounts with default
passwords:

Login: "admin" Password: "radmin"
Login: "user" Password: "radmin"