severity_rating: medium
created_at: 2018-08-04 08:13:15
vendor: valve https://hackerone.com/valve
bounty_amount: $750
URL: https://help.steampowered.com/en/wizard/HelpWithGameIssue/?appid=704740&issueid=125&option=%3Ch1%3Eunfiltered
It puts option option into a translation token <div class="help_page_title">#Help_Game_MissingItemsTitle{user controlled string here}
And if there's no such translation token, it just prints out the entire user input unescaped.
Impact
XSS.