After a phone call with hosting provider support I can confirm that this “Firewall” is just mod_security added to the server. Unfortunately, since its a shared hosting, I cannot manually change any rules within it.
According to the hint given by @ajnyga in this thread it may be caused by a string containing the words SELECT and USER close to each other. I searched the database and I can confirm that none of the editors (and users in general) have these words combined in their database entries, nor these two words occur in any string related to this action (4 matches in email_templates_default_data, but those emails concern review requests and 2 matches in submissions, but those are completely unrelated bibliographies of the articles). So, I am pretty sure (as @ajnyga suggests two posts below in the linked thread) that mod_security is triggered by the url “/index.php/[xxx]/$$$call$$$/grid/users/user-select/user-select-grid/fetch-grid” itself.