The attacker can send to victim a link containing a malicious URL in an email or instant message
can perform a wide variety of actions, such as stealing the victim's session token or login credentials
Path: /search
GET parameter 'filter[brandid]' is vulnerable to XSS
GET parameter 'filter[price]' is vulnerable to XSS