See hidden discussions | Win great prizes | Get free support
I saw this a few months ago this error. I wanted to report it but after what happened to you i decided otherwise.
Yeah, prison interwebs FTW
For educational purposes, any government IT agency/service provider should read this: https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
FWIW - reflected and stored XSS are the most common issues across websites and even a billion rand online shop is not safe from this. Most people are ignorant about this and argue "well, you can not do anything with it", but the true issue is that hackers will construct stored/reflected XSS phishing/social engineering attacks and before you know it, they will have access to your online shopping account and it honestly does not take a lot to fix it.
People underestimate the power of XSS it can do some really nasty things. Google has crawled some very interesting databases,emails, usernames and passwords (some hashed some not) of a few local government websites.