The vulnerability occurred due to missing input sanitization for one of the output fields extracted from headers on a specific section of a page. An attacker would need to perform a “Man in the Middle” attack to change a header for a remote victim. causing a reflective cross site scripting attack affecting SolarWinds DPA v2021.3.7388.