
These were unearthed by https://slacprod.service-now.com/sys_attachment.do?sys_id=5ef99ae9dbbed300e8bffd0d0f961936

Connectivity.pl

XSS vulnerability against the format parameter in the QUERY_STRING. Fixed by not reflecting the input from the format parameter.

XSS vulnerability against the rawdata parameter in the QUERY_STRING. Fixed by using &valid_ip to validate that the parameter is a valid IP name or a valid IPv4 or IPv6 address, and exiting if it is not.
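The two fixes above, sketched as an added example that is not the code of Connectivity.pl: rawdata is checked against an allow-list before use, and format is mapped to a server-side constant so the submitted string is never echoed. The function names, the format set and the sample query strings are assumptions; valid_host_or_ip is a hypothetical stand-in for &valid_ip, whose body the page does not show.

```perl
#!/usr/bin/perl
# Added example, not the code of Connectivity.pl. valid_host_or_ip() is a
# hypothetical stand-in for &valid_ip; the format names are assumed too.
use strict;
use warnings;
use Socket qw(inet_pton AF_INET AF_INET6);

# Allow-list check: IPv4 literal, IPv6 literal, or RFC 1123 host name.
# \A and \z anchor the whole string, so a trailing newline cannot slip through.
sub valid_host_or_ip {
    my ($v) = @_;
    return 0 unless defined $v && length $v && length $v <= 253;
    return defined(inet_pton(AF_INET,  $v)) ? 1 : 0 if $v =~ /\A[0-9.]+\z/;
    return defined(inet_pton(AF_INET6, $v)) ? 1 : 0 if $v =~ /:/;
    my $label = qr/[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?/;
    return $v =~ /\A$label(?:\.$label)*\z/ ? 1 : 0;
}

# The value returned is always a constant from this table, never the input.
my %FORMATS = (html => 'html', text => 'text');   # assumed set of formats
sub pick_format {
    my ($f) = @_;
    return $FORMATS{ lc($f // '') } // 'html';
}

# Minimal QUERY_STRING parser: split pairs, then percent-decode each side.
sub parse_query {
    my ($qs) = @_;
    my %p;
    for my $pair (split /[&;]/, $qs // '') {
        my ($k, $v) = split /=/, $pair, 2;
        next unless defined $k && length $k;
        for ($k, $v) { next unless defined; tr/+/ /; s/%([0-9A-Fa-f]{2})/chr hex $1/ge }
        $p{$k} = $v // '';
    }
    return %p;
}

# Constructed sample requests; a real CGI would read $ENV{QUERY_STRING}
# and exit on the first rejected value instead of printing a verdict.
for my $qs ('rawdata=192.0.2.10&format=text',
            'rawdata=2001:db8::1',
            'rawdata=host.example.org&format=%3Cb%3Ex',
            'rawdata=%3Cb%3Ebold%3C%2Fb%3E') {
    my %p = parse_query($qs);
    printf "%-6s format=%s\n",
        (valid_host_or_ip($p{rawdata}) ? 'accept' : 'reject'), pick_format($p{format});
}
```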
