Dali radius is suffering from CSRF / XSS / SQL Injectionl.
The bug is due to not sanitizing the GET POST fields Correctly..
For full detials
Indeed, it's a known issue and I've emailed on this previously on the community mailing list to inform users to only allow access to daloRADIUS web interface to trusted peers and take all measures to lock it down.
You seem to have CSS turned off.
Please don't fill out this field.
Are you going to fix this?