QIWI: [static.qiwi.com] XSS proxy.html

Hi, https://static.qiwi.com/respond/proxy.html contains a Cross-site scripting. query = getQueryString; css = query"css"; domain = query"url"; if css && domain ajaxcss, function response window.name = response; window.location.href = domain; // this line here is vulnerable to Cross-site scripting...