Updated vulnerable XSS.java version

java/ql/src/Security/CWE/CWE-079/XSS.java

@@ -1,8 +1,9 @@
 public class XSS extends HttpServlet {
 	protected void doGet(HttpServletRequest request, HttpServletResponse response)
 	throws ServletException, IOException {
-		// BAD: a request parameter is written directly to an error response page
-		response.sendError(HttpServletResponse.SC_NOT_FOUND,
-				"The page \"" + request.getParameter("page") + "\" was not found.");
+		// BAD: a request parameter is written directly to the Servlet response stream
+		response.getWriter().print(
+				"The page \"" + request.getParameter("page") + "\" was not found."); // $xss
+
 	}
 }