RXSS on TikTok endpoints
Medium
TikTok
Team Summary
Official summary from TikTok
A Cross-Site Scripting (XSS) vulnerability was found on two TikTok incentive endpoints, due to the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload could be injected into the affected endpoint causing it to be executed within the context of a user's browser. We thank @ashrafabdelrazik for reporting this to our team.
Reported by: ashrafabdelrazik
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Weakness: Cross-site Scripting (XSS) - Reflected