In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via the target parameter.
Published January 5, 2021.
Mikrotik Routeros