A security researcher, Evan, who contacted us on FB messenger has told us of the flaw.
In the screen shot photo above, the researcher managed to run his crafted script. A message pop-up that reads “XSS by Evan_Popup.”
Evan stated that the vulnerability is already reported to the website administrator and not too long, it will be repaired.
Two other domains are also notified by Evan including www.activision.com and www.n2yo.com.