An exploitable vulnerability was reported in the Vulnerability Disclosure Program.
Steps to Reproduce
1- Visit the following URL in your browser: https://elogin.sandbox.com/forms/smpwservices.fcc?USERNAME=%514FQDNimg%5194FQDNrc%55dmxx%nerror%5dd3d%54ndcconfirm(document.domain)%&SMAUTHREASON=7
2- You should see an alert indicating a successful Cross-Site Scripting attack.
To resolved this issue, we need to add \ to the BadCSSChars.