Update your site because it's still vulnerable to Stored XSS

http://labs.carsonshold.com/fb-photo-selector/

http://i.imgur.com/eBC4eIM.png

Payload: "><img src=x onerror=alert(document.cookie)>

[cshold]

Not sure what can be done about this. What are your thoughts?

https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

[cshold]

Isn't that just you editing the source? Never run into this before so unsure of what the fix is.

No im not editing the source.

I made a Facebook Photo Album then connect in your website to upload a picture but the XSS appeared because of unsecured coding style in your Facebook Photo Selector.

Try to add

htmlentities(album.name)

Search more about how to filter XSS using htmlentities.