I have found a reflected XSS issue in
http://www.rockstargames.com/newswire/tags which is , IMO , somekinda tricky.
The value of the
tags parameter is sent as an XHR request to
/newswire/tagContent/[tags_param]/1 and the response gets printed in the page , also I have found that if the
content-type of the response is
After digging for a while I found this endpoint