CVE-2021-40868

In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS.

Source: CVE-2021-40868