Cross Site Scripting In Profile Statement
Vulnerability Details
Hey Sir, I have found a Cross Site Scripting (XSS) vulnerability in updating the profile statement.
This is an advanced XSS script; you can see it in XSS-Gratipay.txt.
You can also see it live here:
https://gratipay.com/~MuhaddiMu/
Steps to produce:
1) Log in to your account.
2) Click on Edit Statement.
3) Copy and paste the script I provided to you. 'F113916'
4) Save the statement and view it again.
See Screenshots I uploaded.
'F113918'
'F113919'
User Agent: Chrome and some others
Patching: Use advanced XSS security
Thanks!
Regards: Muhammad Muhaddis (Cyber Security Researcher)
Report Stats
- Report ID: 162120
- State: Closed
- Substate: informative
- Upvotes: 5