The host is installed with Python 2.x through 2.7.16, 3.x through 3.6.9 or 3.7.x through 3.7.4 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle untrusted input with set_server_title. Successful exploitation allows attackers to execute arbitrary JavaScript.