Good Day okcupid Security Team!
i just want to report that i found a bug on your website. what i've found out is a xss vulnerability with the use of third party app facebook. at first i upload an image in facebook and name it as "><img src=x onerror=alert(document.cookie);> then go to okcupid.com then i click upload image and i click the facebook icon then viola! an alert box popup containing the cookie information of a user.