I want to report to you a Reflected XSS(cross site scripting) vulnerability that I found in Cloudflare web-application and in a considerable percent can affect the safety of the users . Generally, an "attacker" can use XSS to send a malicious script to an unsuspecting user. The end user's browser has no way to know that the script should not be trusted and will execute the script.
The link where you can see a PoC is: http://js.cloudflare.com/xss%22onload=%22alert%281%29
Regards, Coltuneac Alexandru