Reflected XSS (mackeeperapp2.mackeeper.com)
Team Summary
Official summary from Clario
### Summary

Hi! I found a Reflected Cross-Site Scripting attack on mackeeperapp2.mackeeper.com. The problem is in the `/landings/land/1/ron_cleanprot17/download.php` script, which takes any GET parameter and passes the value of this parameter directly to the HTML code of the page. Also, don't forget about the mackeeperapp.mackeeper.com, mackeeperapp1.mackeeper.com and mackeeperapp3.mackeeper.com hosts; they have the same code base.

### Step to reproduce

`http://mackeeperapp2.mackeeper.com/landings/land/1/ron_cleanprot17/download.php?op=blabla"></option></for><img src=x onerror=alert(document.domain)>`
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Bounty
$75.00
Submitted
Weakness
Cross-site Scripting (XSS) - Reflected
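
The flaw the report describes, a GET parameter value written into the page's HTML without encoding, shown next to its fix. This is an added example, not Clario's code: the page does not show `download.php`, so the `<option value="...">` sink and the function names `render_option_unsafe`, `render_option_safe` and `render_select` are assumptions.

```php
<?php
// Added illustration; the real download.php source is not on the page.
// Assumed pattern: each GET parameter value is echoed into a
// double-quoted attribute of an <option> element.

// Vulnerable form: the value reaches the markup unencoded, so a quote
// ends the attribute and whatever follows is parsed as HTML.
function render_option_unsafe(string $value): string
{
    return '<option value="' . $value . '">' . $value . '</option>';
}

// Hardened form: encode for HTML, covering both quote styles, and
// replace invalid UTF-8 sequences instead of passing them through.
function render_option_safe(string $value): string
{
    $enc = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<option value="' . $enc . '">' . $enc . '</option>';
}

// Render every query parameter, since the report says any GET
// parameter is reflected, not only "op".
function render_select(array $query, callable $render): string
{
    $out = '<select name="op">';
    foreach ($query as $value) {
        if (!is_string($value)) {   // ?op[]=x arrives as an array; skip it
            continue;
        }
        $out .= $render($value);
    }
    return $out . '</select>';
}

// Constructed sample input: the query string from the report's reproduction URL.
parse_str('op=blabla"></option></for><img src=x onerror=alert(document.domain)>', $query);

$unsafe = render_select($query, 'render_option_unsafe');
$safe   = render_select($query, 'render_option_safe');

// Check whether a raw <img tag survives in each rendering, then show
// the encoded markup the hardened renderer produces.
var_dump(strpos($unsafe, '<img') !== false);
var_dump(strpos($safe, '<img') !== false);
echo $safe, PHP_EOL;
```

Because the report notes that the sibling hosts share the code base, the same encoding change has to be deployed to all four hosts.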