Did you responsibly disclose the vulnerability to the site owner? Or did you first publish this report publicly?
According to this:
Why don't you try it yourself??
1. Go to:
https://analyzer.nastyfans.org/?s=12. Inside the search, paste:
"><script>alert('Boris007 was here')</script>
3. Press submit and see the XXS being execute.
I believe he initially posted it here and calls that a "responsible disclosure".
I wonder whether he got the permission to look for vulnerabilities from the server owner/administrator and hoster.
This question still matter's as it's not good look or practice at testing vulnerabilities on such website's without the owner's knowledge.
OP should have atleast notified OgNasty before injecting any scripts.
It is not just "not good", but illegal.
The requested person was informed before disclosing it here.