Cross-site Scripting (XSS) - Reflected on https://api.mtn.sd/carbon/admin/login.jsp via `msgId` parameter - CVE-2020-17453

Disclosed: 2024-08-24 11:26:54 By renzi To mtn_group
Medium
Vulnerability Details
Hello, I found a Reflected Cross-site Scripting (XSS) on https://api.mtn.sd/carbon/admin/login.jsp, CVE-2020-17453. With this security flaw it is possible to rewrite the content of the page, executing JS code...

## Steps To Reproduce

How we can reproduce the issue:

1. Go to https://api.mtn.sd/carbon/admin/login.jsp?msgId=%27%3Balert(%27Renzi%27)%2F%2F
2. And we can see an alert with the Renzi message... {F1259562}

Supporting Material/References:

* https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-1132
* https://owasp.org/www-community/attacks/xss/

## Impact

* The attacker can execute JS code.
* Rewrite the content of the page.
Report Stats
  • Report ID: 1158823
  • State: Closed
  • Substate: resolved
  • Upvotes: 25
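Added editorial illustration, not part of the report and not WSO2 Carbon's code: the PoC value `';alert('Renzi')//` is the classic break-out from a single-quoted JavaScript string, so the constructed template below models that kind of sink, shows why verbatim reflection of `msgId` is exploitable, and applies the JS-string-context encoding that neutralizes it. The template, the function names and the scanner-style probe check are assumptions about how such a page might be built and verified.

```python
import urllib.parse

# Constructed stand-in for an inline-script sink (hypothetical, not Carbon's login.jsp):
# the page's payload shape is a break-out from a single-quoted JS string literal,
# so the template models exactly that context.
TEMPLATE = "<script>var msg = '{msg}'; showMessage(msg);</script>"

# The report's PoC parameter value, URL-decoded: ';alert('Renzi')//
PAGE_PAYLOAD = urllib.parse.unquote("%27%3Balert(%27Renzi%27)%2F%2F")


def render_vulnerable(msg_id: str) -> str:
    """Reflects msgId verbatim into the JS string: the quote closes the literal,
    ';' starts a new statement and '//' comments out the rest of the line."""
    return TEMPLATE.format(msg=msg_id)


def js_escape(value: str) -> str:
    """Encode for a JavaScript string literal: every character outside [A-Za-z0-9]
    becomes \\uXXXX (OWASP's rule for the JS data context), so quotes, ';', '/'
    and '<' can no longer alter the script's structure or close the <script> tag."""
    out = []
    for ch in value:
        cp = ord(ch)
        if ch.isascii() and ch.isalnum():
            out.append(ch)
        elif cp > 0xFFFF:  # astral code points need a UTF-16 surrogate pair
            cp -= 0x10000
            out.append(f"\\u{0xD800 + (cp >> 10):04x}\\u{0xDC00 + (cp & 0x3FF):04x}")
        else:
            out.append(f"\\u{cp:04x}")
    return "".join(out)


def render_hardened(msg_id: str) -> str:
    """Same template, but msgId passes through context-aware encoding first."""
    return TEMPLATE.format(msg=js_escape(msg_id))


def reflected_unencoded(body: str, probe: str) -> bool:
    """Scanner-style verification: a probe appearing verbatim in the response means
    the reflection path applies no encoding. Used here to confirm the fix holds."""
    return probe in body


if __name__ == "__main__":
    print(render_vulnerable(PAGE_PAYLOAD))  # quote breaks out of the string
    print(render_hardened(PAGE_PAYLOAD))    # payload is inert data inside the literal
```

The encoded form stays a valid JavaScript string that the browser decodes back to the original text for display, so the fix changes the script's structure for no legitimate input.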