Valve: XSS @ store.steampowered.com via agecheck path name

Hi, I found a Cross-Site Scripting XSS in store.steampowered.com because the path after /agecheck/ is not sanitized as it should. https://store.steampowered.com/agecheck/appmhuh2', sessionid: gsessionID, ageDay: '', ageMonth: '', ageYear: '' .done function response %20 ;alertXSS-by-TvM;function...