Cross-site scripting (XSS) vulnerability in login.asp in Ringtail CaseBook 6.1.0 allows remote attackers to inject arbitrary web script or HTML via the users parameter.

login.asp in Ringtail CaseBook 6.1.0 displays different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames.