0. Timeline
0.0 Discovery: 2016.01.08
0.1.1 Sent First Report: 2016.01.09
0.1.2 CERT EE ticket #0015878: 2016.01.09
0.1.3 Ack from vendor: 2016.01.11
0.1.4 Some sites fixed by vendor: 2016.01.12
0.2 Disclosure: 2016.03.01

1. Background
mikare.net is a closed-source HTML content creation/management solution provider from Estonia[0].

2. Problem
Sites created by mikare.net have an XSS[1] vulnerability in the search field (the `text` query parameter shown in the PoC below).

3. Proof of Concept (PoC) Code
http://varrak.ee/search/?text=%22%2F%3E%3Cimg+src%3D%22http%3A%2F%2Fupload.wikimedia.org%2Fwikipedia%2Fcommons%2Fthumb%2F6%2F68%2FLynx_lynx_poing.jpg%2F240px-Lynx_lynx_poing.jpg%22%3E&x=0&y=0
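
What the PoC parameter decodes to, and how output encoding neutralizes it, as an added example that is not part of the original advisory and not mikare.net's code (which is closed source). The template in `render_vulnerable` is an assumption inferred from the payload's leading `"/>`, and all function names are hypothetical.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# PoC URL copied from section 3 of the advisory (split only for line length).
POC_URL = (
    "http://varrak.ee/search/?text=%22%2F%3E%3Cimg+src%3D%22http%3A%2F%2F"
    "upload.wikimedia.org%2Fwikipedia%2Fcommons%2Fthumb%2F6%2F68%2F"
    "Lynx_lynx_poing.jpg%2F240px-Lynx_lynx_poing.jpg%22%3E&x=0&y=0"
)

def search_text(url):
    """Decode the `text` query parameter the way a web framework would."""
    return parse_qs(urlsplit(url).query)["text"][0]

def render_vulnerable(text):
    # ASSUMED template: the term is echoed unencoded into the value attribute.
    return '<input type="text" name="text" value="' + text + '"/>'

def render_encoded(text):
    # Same assumed template, with HTML attribute encoding applied on output.
    return '<input type="text" name="text" value="' + escape(text, quote=True) + '"/>'

class _Tags(HTMLParser):
    """Collect (tag, attributes) for every start tag an HTML parser sees."""
    def __init__(self):
        super().__init__()
        self.seen = []

    def handle_starttag(self, tag, attrs):
        self.seen.append((tag, dict(attrs)))

def tags_in(markup):
    parser = _Tags()
    parser.feed(markup)
    parser.close()
    return parser.seen

def unexpected_tags(markup):
    """Regression check: any element besides the single <input> is injected markup."""
    return [tag for tag, _ in tags_in(markup) if tag != "input"]

if __name__ == "__main__":
    term = search_text(POC_URL)
    print("decoded term:", term)
    for render in (render_vulnerable, render_encoded):
        print(render.__name__, "->", unexpected_tags(render(term)) or "no injected tags")
```

The same `unexpected_tags` check can be pointed at a real response body to confirm that a fixed site no longer reflects the parameter as markup.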

4. Not an Exhaustive List of Affected Sites
www.varrak.ee
www.tf.ee
www.bergerreisid.ee
www.mikare.net (yes, that is right: their own site!)

5. References
[0] www.mikare.net
[1] https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29

APPENDIX - IMAGES
[Images: varrak.ee, mailbow.net]