An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "dns.0.server" parameter.
https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04