Reflected XSS in scores.ubnt.com

Disclosed: 2016-08-11 12:41:57 By enmach To ui
Vulnerability Details
Parameter p in https://scores.ubnt.com/form.html?uid=1&p=airFiber is vulnerable to XSS. If a user logs in at https://account.ubnt.com/login and visits https://scores.ubnt.com/form.html?uid=1&p=airFiber"><script>alert(document.cookie);</script>, a message box will be presented with his cookie. Attached is a POC (xss-scores-chrome.png). Vulnerable code of https://scores.ubnt.com/form.html is also attached (xss-vuln-code.png), where it is visible that product (parameter p) is included without proper input validation.

This vulnerability can be used to steal cookies (session data) from authenticated users as well as for phishing attacks. It can be exploited by sending a malicious link to users or posting this link to a forum. As UBNT implements SSO, this can be very dangerous.

To mitigate this vulnerability, consider the following:
  • output encoding of all special characters
  • input validation of data supplied from users
Report Stats
  • Report ID: 130889
  • State: Closed
  • Substate: resolved
  • Upvotes: 10
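
The two mitigations recommended in the report, applied to the `p` parameter, as an added example that is not part of the original report and is not Ubiquiti's code. The `<input>` markup, the function names and the product allowlist are assumptions, because the attached screenshot of the vulnerable code is not reproduced on this page.

```javascript
// Added example: handling the reflected `p` parameter of form.html.
// Markup shape and allowlist are assumed; only "airFiber" comes from the report.
const KNOWN_PRODUCTS = new Set(["airFiber", "airMAX", "UniFi"]); // hypothetical

// Constructed sample input: the URL from the report, with the value URL-encoded.
const REPORTED_URL = "https://scores.ubnt.com/form.html?uid=1&p=" +
  encodeURIComponent('airFiber"><script>alert(document.cookie);</script>');

function getParam(url, name) {
  return new URL(url).searchParams.get(name) || "";
}

// Output encoding: neutralise every character that can end an attribute
// value or open a new tag.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern described in the report: the parameter is written
// into the page as-is, so `">` closes the attribute and the tag.
function renderVulnerable(url) {
  return `<input type="hidden" name="product" value="${getParam(url, "p")}">`;
}

// Mitigation 1 only: output encoding keeps the value inside the attribute.
function renderEncoded(url) {
  return `<input type="hidden" name="product" value="${escapeHtml(getParam(url, "p"))}">`;
}

// Mitigations 1 and 2: validate against known products, then encode anyway
// so a later change to the allowlist cannot reintroduce the bug.
function renderHardened(url) {
  const product = getParam(url, "p");
  const validated = KNOWN_PRODUCTS.has(product) ? product : "unknown";
  return `<input type="hidden" name="product" value="${escapeHtml(validated)}">`;
}

console.log(renderVulnerable(REPORTED_URL));
console.log(renderEncoded(REPORTED_URL));
console.log(renderHardened(REPORTED_URL));
```

Encoding must match the output context: the function above covers HTML element and attribute content only, not values placed inside script blocks or URLs.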