Zomato: Zomato.com Reflected Cross Site Scripting
zomato.com/php/liveSuggest.php takes various field inputs to show customized output for the users. The data entered in the entityid field is not sanitized or HTML-encoded, which allows a user to add payloads via this parameter, which will be reflected to the user. Steps to reproduce: Please click on below li...
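The missing validation and HTML encoding for `entityid`, shown as an added example that is not Zomato's code and not part of the original report. The handler functions, the response markup and the assumption that `entityid` is a positive integer are hypothetical; the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a handler that reflects `entityid` into its HTML
// response. The markup is assumed; the page does not show the real output.

// Before: the raw parameter is concatenated into the response.
function render_unencoded(array $query): string
{
    $entityId = $query['entityid'] ?? '';
    return '<ul class="suggest" data-entity="' . $entityId . '"></ul>';
}

// After: validate the expected type first, then encode for the output context.
function render_encoded(array $query): ?string
{
    // Assumption: entityid is a positive integer identifier.
    $entityId = filter_var(
        $query['entityid'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($entityId === false) {
        return null; // caller answers 400 instead of reflecting the input
    }
    // Encoding is kept even after validation so the sink stays safe if the
    // validation rule is later relaxed (for example to allow string ids).
    $safe = htmlspecialchars((string) $entityId, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<ul class="suggest" data-entity="' . $safe . '"></ul>';
}

// Constructed sample inputs: one well-formed id, one carrying harmless markup.
$samples = [
    ['entityid' => '42'],
    ['entityid' => '7"><i>reflected</i>'],
];

foreach ($samples as $query) {
    echo 'unencoded: ', render_unencoded($query), PHP_EOL;
    echo 'encoded:   ', render_encoded($query) ?? '[rejected: 400 Bad Request]', PHP_EOL;
}
```

Run it with the PHP CLI: for the second sample the unencoded handler closes the attribute and emits the markup as live HTML, while the validated handler rejects the value before it reaches the response.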