A non-persistent XSS vulnerability is present within the AccessCodeStart.asp page. A malicious user may leverage this to possibly gain access client information in captive portal/hotspot locations using this software.

http://www.securiteam.com/securitynews/5CP0E15OAA.html