
RE: XSS vulnerability

in #utopian-io, 7 years ago

Hello, I understand that there are XSS vulnerabilities but it gives the hacker no advantage, as it gives you no access to the Database which does not really exist. All the data are gotten directly from the steem blockchain. The vulnerability test will be checked but it holds no threat.


but it gives the hacker no advantage, as it gives you no access to the Database which does not really exist

You are right that you cannot steal data from a database with this kind of attack but there are tons of other possibilities to abuse that vulnerability.

Just a quick reference here of some possibilities bad people could use your site for, after a quick Google search.

Anyways, I'm glad to hear that you will fix that & keep up the great work :)

I really do appreciate your work as this will help me make steempayout.com better. I will work on that. It is just a simple tweak on the htaccess and an appropriate 404 page.

That's a great solution, looking forward to seeing that live in action :)

As the utopian mod stated above, you should allow issues for your project. It brings way more possibilities to contact you. I just posted under your utopian post since there was no other way to inform you about this issue...

Also make sure to add a license and readme, since utopian rules state them as necessary to be a valid project.
