Have been contacted by someone from 'open bug bounty' - have looked into them and they seem legit? - but they have said that a site I have (in the PM) has a xss vuklnerability. They havent provided more details than that at this time.
Just wanted to ask if this was to do with the the action="<?php echo (htmlentities($_SERVER["PHP_SELF"], ENT_QUOTES)); ?>" in the contact form element and not requiring it filled in?
Or is it something else?