I just received a warning from GoDaddy saying that using your theme opened my site up to cross-site scripting attacks.
Here's the info they sent. Please let me know how to proceed.
At this time, it does appear that your site is vulnerable to Cross-Site Scripting.
You can see this by inserting this URL into your browser:
In order to prevent this type of attack you will need to ensure that untrusted data is kept separate from browser content. The following is recommended:
2. The use of positive or "whitelist" input validation with appropriate canonicalization (decoding) can also help to protect against XSS. Please note that this is not a complete defense as many applications will require special characters in their input.
Additionally you can visit the site below for more information on preventing Cross Site Scripting.