@arirubinstein reported a reflected XSS vulnerability that existed within the error message of an internal GitHub application. This vulnerability was mitigated by not reflecting user supplied input in the error message.