Cerber Limit Login Attempts <= 2.0.1.6 - Unauthenticated Stored XSS

Description

If the option "I'm behind a proxy" is enabled, the visitor's IP address is read from the X-Forwarded-For header, then stored and printed in the admin panel without any sanitization or validation.

Proof of Concept

Set the X-Forwarded-For header to `<script>alert(1)</script>` and perform an incorrect login.
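As an added example (not the plugin's own code, written from a defender's view), the PHP below contrasts a hypothetical IP-resolution helper that reproduces the defect described above with a hardened version that validates the header value and escapes it on output; `$behind_proxy`, the function names and the sample request are assumptions.

```php
<?php
// Added example, not the plugin's code. $behind_proxy stands in for the
// plugin's "I'm behind a proxy" option.

// Defective pattern: trusts and stores the raw header value verbatim.
function vulnerable_get_ip(bool $behind_proxy): string {
    if ($behind_proxy && !empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        return $_SERVER['HTTP_X_FORWARDED_FOR'];   // attacker-controlled string
    }
    return $_SERVER['REMOTE_ADDR'];
}

// Hardened: take only the first hop, require it to be an IP literal, and fall
// back to REMOTE_ADDR otherwise. In production, honour the header only when
// REMOTE_ADDR is one of your own proxies, or the header is still spoofable.
function safe_get_ip(bool $behind_proxy): string {
    $ip = $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0';
    if ($behind_proxy && !empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        // XFF may read "client, proxy1, proxy2"; the left-most entry is the client.
        $first = trim(explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'])[0]);
        if (filter_var($first, FILTER_VALIDATE_IP) !== false) {
            $ip = $first;
        }
    }
    return $ip;
}

// Output-side defence: escape before rendering in the admin panel, whatever was
// stored. esc_html() is the WordPress helper; htmlspecialchars() is the plain-PHP
// fallback so this snippet also runs outside WordPress.
function render_ip_cell(string $ip): string {
    $esc = function_exists('esc_html')
        ? esc_html($ip)
        : htmlspecialchars($ip, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<td>' . $esc . '</td>';
}

// Constructed sample request (not a real capture).
$_SERVER['REMOTE_ADDR'] = '203.0.113.10';
$_SERVER['HTTP_X_FORWARDED_FOR'] = '<script>alert(1)</script>, 198.51.100.7';

echo vulnerable_get_ip(true), "\n"; // raw script tag would be stored as the "IP"
echo safe_get_ip(true), "\n";       // first hop is not an IP, so REMOTE_ADDR is used
echo render_ip_cell(vulnerable_get_ip(true)), "\n"; // escaping neutralises stored markup
```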