Machine Noter

hi guys I am a beginner, but I am trying my hand at capture the flag Noter machine. Unfortunately, I can’t find the vulnerability, I tried automatic tools like Nessus, Owasp etc… , the only vulnerability found is XSS reflected on the page login, but but I can’t exploit it

Can anyone give me some input, hints where to look for the vulnerability ?. Thanks