LDAP Settings page (/ldap-server.jsp) is susceptible to XSS - a {{<script>}} tag entered into the BaseDN setting here will be rendered on Server Settings → Profile Settings (/profile-settings.jsp)
Windows Server 2016