CMS-5924

XSS on the page "Unknown browser"


    • Type: Bug
    • Resolution: Won't Fix
    • Priority: Major
    • 4.2.0
    • None
    • None
    • None
    • 3.6M6

      How to reproduce

      • Disable the "ignore browser test" in _admin of the back-office
      • Access the back-office with an unknown browser

      Actual behavior

      • A page is displayed with a message to explain that this browser is not compatible
      • The parameter URI is available in the address bar
      • The parameter is used without any control to create the redirection link on the button to force access; this is an XSS security flaw

            Assignee: Unassigned
            Reporter: Frederic Ravetier (Inactive)
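One way to build the "force access" link safely from the URI parameter described in this report, shown as an added example that is not code from the CMS or from the reporter. The path prefix, fallback page, button label and all function names are assumptions made for illustration.

```javascript
// Added example; every name and path below is hypothetical.
const BACK_OFFICE_PREFIX = "/_admin/";   // assumed back-office path prefix
const FALLBACK = "/_admin/index.html";   // assumed default landing page
const BASE = "http://placeholder.invalid"; // dummy origin used only for parsing

// Escape a value for use inside a double-quoted HTML attribute.
function escapeHtmlAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Accept only a local path under the back-office; anything else falls back.
function safeRedirectTarget(rawUri) {
  if (typeof rawUri !== "string" || rawUri.length === 0 || rawUri.length > 2048) return FALLBACK;
  // Must be an absolute path: rejects javascript:, data:, http:// and similar.
  if (!rawUri.startsWith("/")) return FALLBACK;
  // Control characters and backslashes are normalised by browsers; refuse them.
  if (/[\u0000-\u001f\u007f\\]/.test(rawUri)) return FALLBACK;
  let url;
  try {
    url = new URL(rawUri, BASE); // also resolves "../" and percent-encodes markup
  } catch {
    return FALLBACK;
  }
  // A protocol-relative input (//host/...) changes the origin.
  if (url.origin !== BASE) return FALLBACK;
  if (!url.pathname.startsWith(BACK_OFFICE_PREFIX)) return FALLBACK;
  return url.pathname + url.search;
}

// Render the button: validate the target first, then escape for the attribute.
function renderForceAccessButton(rawUri) {
  const href = escapeHtmlAttr(safeRedirectTarget(rawUri));
  return `<a class="button" href="${href}">Continue anyway</a>`;
}
```

Validation and output escaping are both applied: the first restricts where the link can point, the second keeps the value from breaking out of the `href` attribute.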