Long story short, I’ve emailed them a few times, tweeted at them and no answer to fix their security.
I have decided to do a full disclosure regarding this.
You have a reflected XSS vulnerability located at this domain: https://shop.primagames.com/us/search?p=
This was tested on the latest version of Firefox 61.0.1 (64-bit).
By entering this payload in the URL, you are able to execute a script (XSS):
Once again, this post is NOT meant to do anything harmful to the website. I am just a security researcher who is trying to help secure your website — other websites as well.
I hope you see this post and fix your issue very soon and secure your users.
If you have any questions or comments, feel free to message me on Twitter @Skeletorkeys
Thanks for reading.