Crisis Checkin login page appears vulnerable to cross-site scripting

It looks like login input fields are not being properly sanitized.

Steps to reproduce:

Access https://crisischeckin-d.azurewebsites.net/Account/Login

Enter one of the following values as username: 
`<SCript> `
`&#39;`

Result: Server returns full stack trace error