Reflected XSS on error message on Login Page

Greetings! I've found a reflected XSS on a login page on█████ . The vulnerable link is: `https://███████/users/login?error=<img src='x' onerror="alert(document.domain)">` █████████ ## Impact An attacker can inject crafted javascript that can steal user cookies, impersionate, steal information, deface the website and redirect user to another domain ## System Host(s) ██████████ ## Affected Product(s) and Version(s) ## CVE Numbers ## Steps to Reproduce Access `https://██████/users/login?error=<img src='x' onerror="alert(document.domain)">` ## Suggested Mitigation/Remediation Actions Sanitize the output with htmlspecialchars();