During the analysis of PMASA-2010-5 and developing a Nesuss plugin, it was discovered that the 'Verbose server name' field in /setup/index.php does not properly sanitize user-supplied input before being passed to setup/frames/index.inc.php, leading to a stored cross-site scripting issue.