From c18c911ac8ec1ce9b7ba1e5a00cb38201910cf9a Mon Sep 17 00:00:00 2001
From: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com>
Date: Mon, 17 Jun 2024 12:54:37 -0500
Subject: [PATCH] [Security] Close cross scripting vulnerability  (#21342)

* close vulnerability

* add changelog
---
 .changelog/21342.txt  | 3 +++
 agent/kvs_endpoint.go | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
 create mode 100644 .changelog/21342.txt

diff --git a/.changelog/21342.txt b/.changelog/21342.txt
new file mode 100644
index 0000000000..d2850bc4fd
--- /dev/null
+++ b/.changelog/21342.txt
@@ -0,0 +1,3 @@
+```release-note:security
+agent: removed reflected cross-site scripting vulnerability
+```
\ No newline at end of file
diff --git a/agent/kvs_endpoint.go b/agent/kvs_endpoint.go
index e60567cd5b..65ec443078 100644
--- a/agent/kvs_endpoint.go
+++ b/agent/kvs_endpoint.go
@@ -293,7 +293,7 @@ func conflictingFlags(resp http.ResponseWriter, req *http.Request, flags ...stri
 		if _, ok := params[conflict]; ok {
 			if found {
 				resp.WriteHeader(http.StatusBadRequest)
-				fmt.Fprint(resp, "Conflicting flags: "+params.Encode())
+				fmt.Fprintf(resp, "Conflicting flags: %v\n", params.Encode())
 				return true
 			}
 			found = true