User can upload image for any definition available in urbandictionary.com. If anyone upload Invalid image file then you return a message through a url like this http://www.urbandictionary.com/cloudinary_cors.html?error=Invalid+image+file
Here the error parameter is vulnerable to xss.
Impact When an user navigates to the affected web page in a browser, the XSS payload will be served as part of the web page . This means that victims will inadvertently end-up executing the malicious script once the page is viewed in a browser. Possible Attack Cookie theft Data theft Insecure redirect
Steps to reproduce Just navigate to theurl given bellow
Tested on firefox