Reflected XSS on ███
Medium
Vulnerability Details
## Summary
Reflected XSS on `█████████` for invalid paths.
## Description
Requesting a non-existent path on `█████`, such as `https://██████████/chron0x`, makes the site respond with `No jsonpage404 is /chron0x versus /chron0x./chron0x does not exist`. As can be seen, the requested path is reflected into the response body without encoding. This can be exploited as a reflected XSS.
Note: I am reporting this here, since the footer of `███` states `Official ███ Website. The ████████ is an Equal Opportunity Employer.`, and the █████ underlies the DoD. If this should not belong to the DoD scope, I would kindly ask to self-close this issue.
## Step-by-step Reproduction Instructions
1. Visit `http://█████████/<svg onload=alert("chron0x")>`
## Mitigation/Remediation Actions
Sanitize (HTML-encode) the path input before it is reflected into the error page, or switch to a generic error message that does not echo the requested path at all.
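As an added illustration (not the site's own code, whose stack is unknown), a 404 handler that builds the quoted error message, first reflecting the raw path and then with each of the two fixes above; the message format and the probe path come from this report, everything else is constructed:

```python
import html

# Constructed example: a 404 handler that puts the requested path into an
# HTML error body, modelled on the message format quoted in the report.


def vulnerable_not_found(path: str) -> str:
    """Echoes the raw path into HTML: this is the reflected XSS."""
    return f"<p>No jsonpage404 is {path} versus {path}.{path} does not exist</p>"


def hardened_not_found(path: str) -> str:
    """Fix 1: HTML-encode the path so any markup in it is rendered as text."""
    safe = html.escape(path, quote=True)
    return f"<p>No jsonpage404 is {safe} versus {safe}.{safe} does not exist</p>"


def generic_not_found(_path: str) -> str:
    """Fix 2: a generic message that never echoes user-controlled input."""
    return "<p>The requested page does not exist.</p>"


def reflects_markup(body: str, path: str) -> bool:
    """Regression check: does a path containing markup characters appear
    verbatim (unencoded) in the response body?"""
    has_markup = any(ch in path for ch in '<>"\'')
    return has_markup and path in body


# Probe path taken from the report's reproduction step.
PROBE_PATH = '/<svg onload=alert("chron0x")>'
BENIGN_PATH = "/chron0x"
```

`reflects_markup` is the kind of check a test suite can run against every error page to make sure a future change does not reintroduce the unencoded reflection.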
## Impact
JavaScript can be executed in the victim's browser in the context of the site, for example to steal data.
Report Stats
- Report ID: 1057419
- State: Closed
- Substate: resolved
- Upvotes: 19