SSRS Report Input Validation

Hi Team, currently our webportal was tested by the security team and they have opened a ticket saying the SSRS report called within the webportal in vulnerable to Input validations and are saying that Cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application. Could you please help how to resolve the same. As we are only passing SQL parameters to the SSRS report how can we validate these.