A reflected cross-site scripting (XSS) vulnerability in msaad1999\'s PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the \'validator\' parameter in \'/reset-password\'.