From 2cf90ee428e51256cdfb49e54d6e8845f3b38e59 Mon Sep 17 00:00:00 2001
From: Sarah Alsmiller
Date: Mon, 17 Jun 2024 15:38:13 +0000
Subject: [PATCH 1/2] backport of commit c8cb3349fe6f3cd8f4a56fab8c1248105d935324
---
 agent/kvs_endpoint.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/agent/kvs_endpoint.go b/agent/kvs_endpoint.go
index e60567cd5b80..65ec44307802 100644
--- a/agent/kvs_endpoint.go
+++ b/agent/kvs_endpoint.go
@@ -293,7 +293,7 @@ func conflictingFlags(resp http.ResponseWriter, req *http.Request, flags ...stri
 if _, ok := params[conflict]; ok {
 if found {
 resp.WriteHeader(http.StatusBadRequest)
- fmt.Fprint(resp, "Conflicting flags: "+params.Encode())
+ fmt.Fprintf(resp, "Conflicting flags: %v\n", params.Encode())
 return true
 }
 found = true
From 0abd03e783bbf161c22bc6326587131a0e3e639b Mon Sep 17 00:00:00 2001
From: Sarah Alsmiller
Date: Mon, 17 Jun 2024 15:47:59 +0000
Subject: [PATCH 2/2] backport of commit 262efd8f15d4cabe31d95a76997405c46974545e
---
 .changelog/21342.txt | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 .changelog/21342.txt
diff --git a/.changelog/21342.txt b/.changelog/21342.txt
new file mode 100644
index 000000000000..d2850bc4fd30
--- /dev/null
+++ b/.changelog/21342.txt
@@ -0,0 +1,3 @@
+```release-note:security
+agent: removed reflected cross-site scripting vulnerability
+```
\ No newline at end of file
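Review bot: The switch from `fmt.Fprint` to `fmt.Fprintf` in the `conflictingFlags` hunk of agent/kvs_endpoint.go leaves the reflected bytes unchanged apart from a trailing newline, so the defence against reflected content still rests on the escaping done by `params.Encode()` (presumably a `url.Values`; its declaration is outside the hunk) and on how the client interprets the body. The visible lines set no Content-Type on this error path, so unless a wrapper outside the hunk sets one, the type is left to net/http's content sniffing. I would add `resp.Header().Set("Content-Type", "text/plain; charset=utf-8")` and `resp.Header().Set("X-Content-Type-Options", "nosniff")` before `resp.WriteHeader(http.StatusBadRequest)`. Since the changelog entry labels this a security fix, a regression test that sends conflicting flags containing markup characters and asserts the response Content-Type and body would pin the behaviour. The function body starts and ends outside the hunk.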