Reflected XSS On [https://www-useast1a.tiktok.com/ug/incentive/share/hd]
Medium
TikTok
Team Summary
Official summary from TikTok
A Cross-Site Scripting (XSS) vulnerability was found on the TikTok incentive endpoint via the x parameter, due to the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload could be injected into the affected endpoint, causing it to be executed within the context of a user's browser. We thank @ashrafabdelrazik for reporting this to our team.
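The root cause named in the summary, reflection without output encoding, shown beside a hardened form as an added example (not TikTok's code and not part of the report). The function names, the markup, the placeholder host and the choice of reflection contexts are assumptions; only the x parameter and the endpoint path come from the report.

```javascript
// Added example. Hypothetical handlers; only "x" and the path come from the report.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode for HTML text and quoted-attribute contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Encode for a JavaScript string literal inside an inline <script> block.
// JSON.stringify quotes and escapes the value; the extra replacements keep
// "</script>" or "<!--" in the value from ending or altering the script element.
function escapeJsString(value) {
  return JSON.stringify(String(value))
    .replace(/</g, "\\u003c")
    .replace(/>/g, "\\u003e")
    .replace(/&/g, "\\u0026");
}

// Read the x query parameter (placeholder base host, an assumption).
function readX(requestUrl) {
  return new URL(requestUrl, "https://example.invalid").searchParams.get("x") ?? "";
}

// BEFORE: the pattern the summary describes, x reflected with no output encoding.
function renderVulnerable(requestUrl) {
  const x = readX(requestUrl);
  return `<div id="share" data-x="${x}">${x}</div><script>var x = "${x}";</script>`;
}

// AFTER: same markup, each sink encoded for its own context.
function renderHardened(requestUrl) {
  const x = readX(requestUrl);
  return `<div id="share" data-x="${escapeHtml(x)}">${escapeHtml(x)}</div>` +
         `<script>var x = ${escapeJsString(x)};</script>`;
}

// Regression check: send a harmless probe made of HTML metacharacters and report
// whether it comes back byte-for-byte (unencoded) in the response body.
function reflectsRaw(render) {
  const probe = `zq"'<>&zq`; // constructed marker, not a payload
  const body = render(`/ug/incentive/share/hd?x=${encodeURIComponent(probe)}`);
  return body.includes(probe);
}
```

reflectsRaw can run in a unit test against any renderer so that a template change which drops the encoding fails the build.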
Reported by: ashrafabdelrazik
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Weakness: Cross-site Scripting (XSS) - Reflected