Well, you saw the post before about the XSS? Yeah, that's right, it was not the first XSS on the site. There was also an XSS in the subject parameter when you send a message, which I submitted to the admin aka JayLaw. In the subject header of the message??? Can you believe that?? You could target your victim directly by sending a message and he wouldn't even notice??!!

Luckily for Utopia I reported it before some dude sent all these Tor browser update scams... I also sent them a BTC address to send a little thanks, but they didn't even pay a lousy cent. All I got was a thank you?! WTF! Other markets paid up to 0.1 BTC for an XSS and 0.3 for SQLI!!

Ahh yeah, also, when you check out this http://ggvow6fj3sehlm45.onion/Pm/compose/1/reply_id:5555 just change the reply id and you see the subject of every message ever sent, I guess... I need to say, nice flaws that you got there, Utopia.

If you want to thank me now, Utopia, here: 13c8369HpHi45Qh7SZmoDa95JrnvqiLYfq You should take security more seriously! Seriously, guys!
In this day and age, XSS is unacceptable even for clearnet sites.