Xss in worldserver 11.3.1.4668

First i found this bug in logitech company and report it to hackerOne
but they responded " This tool is from a 3rd party vendor and we are wondering if they know about the issue or if you have reached out to them about this yet. www.sdl.com is the vendor in question"


 
 as you all see URL encoded GET input error was set to login.invalid'"()&% can trigger xss
and JS will execute

sorry I haven't been able to share link because of public and responsible disclosures

you can contact me at fikrikhoir9089@gmail.com