CRLF injection leads to internal XSS on PangleGlobal
Medium
TikTok
Team Summary
Official summary from TikTok
A cross-site scripting vulnerability was found on a Pangle endpoint due to CRLF injection on the 'file_name' parameter. This was caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding and could have resulted in a JavaScript payload being injected into the above endpoint and executed within the context of another user's browser. This vulnerability has been resolved. We thank @serverinspector for reporting this to our team.
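As an added illustration of the bug class described in the summary (this is not Pangle's or TikTok's code; the download endpoint, its header construction and the access-log format are assumptions), the risky concatenation pattern is shown beside a hardened Content-Disposition builder, together with a log check that flags file_name values that decode to CR or LF:

```python
import re
from urllib.parse import parse_qsl, quote

# Added example, not Pangle/TikTok code: hardened handling of a user-supplied
# file_name placed into a Content-Disposition header, plus a log check.
CTL_CHARS = ("\r", "\n", "\x00")
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def naive_content_disposition(file_name: str) -> str:
    """The risky pattern: raw user input concatenated into a header value,
    so a CR/LF inside file_name ends the header and starts a new one."""
    return f'attachment; filename="{file_name}"'

def safe_content_disposition(file_name: str) -> str:
    """Hardened form: reject control characters (a 400 makes the attempt
    visible instead of silently fixing it), keep an ASCII fallback with
    quotes and backslashes replaced, and add an RFC 6266 filename* value
    that is percent-encoded so nothing in it can terminate the header."""
    if any(ch in file_name for ch in CTL_CHARS):
        raise ValueError("control character in file_name")
    fallback = "".join(
        ch if 32 <= ord(ch) < 127 and ch not in '"\\' else "_" for ch in file_name
    ) or "download"
    encoded = quote(file_name, safe="")  # any stray CR/LF would become %0D/%0A
    return f"attachment; filename=\"{fallback}\"; filename*=UTF-8''{encoded}"

def suspicious_requests(log_text: str) -> list:
    """Scan access-log lines and return request targets whose query
    parameters decode to CR, LF or NUL (what a CRLF-injection attempt
    looks like once percent-decoding is applied)."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = m.group(1)
        query = target.partition("?")[2]
        for _, value in parse_qsl(query, keep_blank_values=True):
            if any(ch in value for ch in CTL_CHARS):
                hits.append(target)
                break
    return hits

# Constructed sample log lines, not real Pangle traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:00:00:01 +0000] "GET /download?file_name=report.pdf HTTP/1.1" 200
10.0.0.9 - - [01/Jan/2024:00:00:02 +0000] "GET /download?file_name=a.txt%0d%0aX-Test:%201 HTTP/1.1" 200
"""
```

The same reject-or-encode rule applies to any other response header built from request data, and the log scan is a cheap way to confirm whether such requests ever reached the endpoint.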
Reported by
serverinspector
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
CRLF Injection