Pexip Infinity before 17 allows an unauthenticated remote attacker to achieve stored XSS via management web interface views.