TikTok: CRLF injection leads to internal XSS on PangleGlobal
A cross-site scripting vulnerability was discovered due to carriage return line feed (CRLF) injection in the filename parameter of a PangleGlobal endpoint. This could have allowed JavaScript code execution in a user's browser through reflected cross-site scripting. The vulnerability has since been...
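One way to guard against the pattern described above, as an added example that is not code from the report or from TikTok. It assumes the filename parameter is copied into a Content-Disposition response header, which the summary does not state; the function names and the sample input are constructed for illustration.

```javascript
// Added example. Function names are hypothetical, and it ASSUMES the
// `filename` request parameter is copied into a Content-Disposition header.

// Constructed sample input: a filename carrying a CR LF pair and a marker header.
const CONSTRUCTED_INPUT = 'report.csv\r\nX-Constructed-Marker: 1';

// Vulnerable pattern: raw concatenation. A CR LF in the value ends the header
// line early, so whatever follows is parsed as a new header or as the body.
function unsafeContentDisposition(filename) {
  return 'attachment; filename="' + filename + '"';
}

// Hardened pattern: validate the decoded value, then encode it.
function safeContentDisposition(filename) {
  if (typeof filename !== 'string' || filename.length === 0 || filename.length > 255) {
    throw new TypeError('invalid filename');
  }
  // Reject C0 control characters and DEL; this covers CR (0x0d) and LF (0x0a).
  // Run this after URL decoding, so %0d%0a is caught as well.
  if (/[\x00-\x1f\x7f]/.test(filename)) {
    throw new RangeError('control character in filename');
  }
  // Quoted ASCII fallback limited to a conservative allow-list.
  const fallback = filename.replace(/[^A-Za-z0-9._-]/g, '_');
  // RFC 5987 ext-value: percent-encode, including the characters that
  // encodeURIComponent leaves alone but attr-char does not permit.
  const encoded = encodeURIComponent(filename).replace(
    /['()*]/g,
    (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase()
  );
  return `attachment; filename="${fallback}"; filename*=UTF-8''${encoded}`;
}

// Number of physical lines a header value would occupy on the wire.
function headerLineCount(value) {
  return value.split(/\r\n|\r|\n/).length;
}

// Returns true when the hardened builder refuses the value.
function isRejected(filename) {
  try {
    safeContentDisposition(filename);
    return false;
  } catch (err) {
    return true;
  }
}
```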