Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs.Referenceshttps://syntegris-sec.github.io/filerun-advisory