Cross-Site Scripting: Reflected

[QiAnXinCodeSafe]

sds/sds-admin/src/main/java/com/didiglobal/sds/admin/controller/HeartbeatController.java

Lines 71 to 73 in 0ac9dbe

	hbResponse.setErrorMsg("客户端请求非法：" + request.getParameter("client"));
	return hbResponse;

There may be special characters in ‘’request.getParameter("client")‘’.Sending unvalidated data to a web browser can result in the browser executing malicious code.